feacb85e8653c6a66912adcb24908f4505fca77655afc78f5e0a2dcf1233ae96

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 18:02

Target

feacb85e8653c6a66912adcb24908f4505fca77655afc78f5e0a2dcf1233ae96.exe
Size

833KB
MD5

5c3dd5a78d831b8d6f11e4c87e2852b4
SHA1

e9f0001643c38251c260a340d41b9b47ab543b6f
SHA256

feacb85e8653c6a66912adcb24908f4505fca77655afc78f5e0a2dcf1233ae96
SHA512

0c11ee69b75f00c41d649399d23e964d30b8d9f20078fe6508a1b26c56c54f196f24b7ac6741d559dca100340a188e1707ceae11de95e29a8322cc4b15e7d5c3
SSDEEP

12288:rZeyTDxY2VxF1mmVgPFlM9vNqNqGmijMdqs7ZBLe5RAj/Zex9ry3h:le4GKbBVgPHM9vYsefsdBwcUx9ry3h

Score

6^/10

Modifies boot configuration data using bcdedit 1 IoCs

pid	Process
1688	bcdedit.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1416	feacb85e8653c6a66912adcb24908f4505fca77655afc78f5e0a2dcf1233ae96.exe
1416	feacb85e8653c6a66912adcb24908f4505fca77655afc78f5e0a2dcf1233ae96.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1300	1416	feacb85e8653c6a66912adcb24908f4505fca77655afc78f5e0a2dcf1233ae96.exe	28
PID 1416 wrote to memory of 1300	1416	feacb85e8653c6a66912adcb24908f4505fca77655afc78f5e0a2dcf1233ae96.exe	28
PID 1416 wrote to memory of 1300	1416	feacb85e8653c6a66912adcb24908f4505fca77655afc78f5e0a2dcf1233ae96.exe	28
PID 1416 wrote to memory of 1300	1416	feacb85e8653c6a66912adcb24908f4505fca77655afc78f5e0a2dcf1233ae96.exe	28
PID 1300 wrote to memory of 1688	1300	cmd.exe	30
PID 1300 wrote to memory of 1688	1300	cmd.exe	30
PID 1300 wrote to memory of 1688	1300	cmd.exe	30
PID 1300 wrote to memory of 1688	1300	cmd.exe	30

memory/1416-0-0x0000000000400000-0x0000000000630000-memory.dmp

Filesize
2.2MB

Download
memory/1416-1-0x0000000000400000-0x0000000000630000-memory.dmp

Filesize
2.2MB

Download