e99aa2a3d1af9d2eee6f973180abe79ccd9a0c57f7b6145efffccaf591ea28b2

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 11:01

Target

b8941dc69f955a20c261c58e5a1510de.exe
Size

476KB
MD5

b8941dc69f955a20c261c58e5a1510de
SHA1

d9854fda72f01e2a2f54e62c1e02ebc707f89874
SHA256

e99aa2a3d1af9d2eee6f973180abe79ccd9a0c57f7b6145efffccaf591ea28b2
SHA512

11978bfa17850548e514f97d2d2fd41ecc5d42e4f0a94dafc4ae75dcbab70ad3f090cb665989831dc59dd25f48921b509548c147c3d029f7ba19294befe9d671
SSDEEP

12288:mLFYoC+KwJ1d1UtCsxvSlMJWxZznKtTQB:mxdC+KwgtCsxvSlMJWxZznK1y

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2184 set thread context of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28
PID 2184 wrote to memory of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28
PID 2184 wrote to memory of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28
PID 2184 wrote to memory of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28
PID 2184 wrote to memory of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28
PID 2184 wrote to memory of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28
PID 2184 wrote to memory of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28
PID 2184 wrote to memory of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28
PID 2184 wrote to memory of 1496	2184	b8941dc69f955a20c261c58e5a1510de.exe	28

C:\Users\Admin\AppData\Local\Temp\b8941dc69f955a20c261c58e5a1510de.exe
"C:\Users\Admin\AppData\Local\Temp\b8941dc69f955a20c261c58e5a1510de.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\b8941dc69f955a20c261c58e5a1510de.exe
  "C:\Users\Admin\AppData\Local\Temp\b8941dc69f955a20c261c58e5a1510de.exe"
  2⤵
  PID:1496

memory/1496-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1496-2-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1496-4-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1496-6-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1496-8-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1496-10-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1496-12-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1496-13-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download