79ee7936e54b8807fbad0e1279f632557fda64849f605a3a3e348dd997f4ef4c

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 09:46

Target

b71e18cae2773313ef519918cdbde713.exe
Size

25KB
MD5

b71e18cae2773313ef519918cdbde713
SHA1

c30aeac509b26d3ed469086ac01a5276dc21a1a2
SHA256

79ee7936e54b8807fbad0e1279f632557fda64849f605a3a3e348dd997f4ef4c
SHA512

81f8e1d2e04170a12e6c111e2d510a8885f6af9a4d316ab2899082ceec15676724009993483aa1e4905a53370b9d0783905ccd98e1381b0545c486b857e4e7be
SSDEEP

384:o6TWApELmSY3BSz3Y94aiD2nDthq1Zolou884rSoyH2VUZ7OCFy35Sj:o94SY3MzaiD+ZE1Nuxbz2oDj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2008 set thread context of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2184	b71e18cae2773313ef519918cdbde713.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28
PID 2008 wrote to memory of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28
PID 2008 wrote to memory of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28
PID 2008 wrote to memory of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28
PID 2008 wrote to memory of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28
PID 2008 wrote to memory of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28
PID 2008 wrote to memory of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28
PID 2008 wrote to memory of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28
PID 2008 wrote to memory of 2184	2008	b71e18cae2773313ef519918cdbde713.exe	28

C:\Users\Admin\AppData\Local\Temp\b71e18cae2773313ef519918cdbde713.exe
"C:\Users\Admin\AppData\Local\Temp\b71e18cae2773313ef519918cdbde713.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\b71e18cae2773313ef519918cdbde713.exe
  "C:\Users\Admin\AppData\Local\Temp\b71e18cae2773313ef519918cdbde713.exe"
  2⤵
  - Suspicious use of UnmapMainImage
  PID:2184

memory/2008-11-0x0000000000040000-0x000000000004D000-memory.dmp

Filesize
52KB

Download
memory/2184-0-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2184-1-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2184-2-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2184-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2184-6-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2184-7-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2184-10-0x0000000000040000-0x0000000000040000-memory.dmp

Download