61667f27027810f9cb97a409506515909b474663397804f0c047a68ef1b2d98a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 02:18

Target

c235198fc0044f75de6594be9702f39d.exe
Size

159KB
MD5

c235198fc0044f75de6594be9702f39d
SHA1

6f83fcd16ea01f67b555c80f6d5f18fbf8c034e6
SHA256

61667f27027810f9cb97a409506515909b474663397804f0c047a68ef1b2d98a
SHA512

214ff40d410d63b028a1cea538a1083cca8d3dd7a422a2241690a6bd4659317f6aa960e8fd375cac5c63d6ca8fabc806728fc9ec8d4fa56205db5f6659d87247
SSDEEP

3072:RMj4JjXYYGc8OGXgNBR9AMhZQN9WJd7yI0mswohVOPzrc77OWw8x8cZ:aj4JLYr9OGXmL9NqQV6wVc769/cZ

Score

5^/10

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2192 set thread context of 2616	2192	c235198fc0044f75de6594be9702f39d.exe	28
PID 2192 set thread context of 0	2192	c235198fc0044f75de6594be9702f39d.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	c235198fc0044f75de6594be9702f39d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	c235198fc0044f75de6594be9702f39d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2192	c235198fc0044f75de6594be9702f39d.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2616	2192	c235198fc0044f75de6594be9702f39d.exe	28
PID 2192 wrote to memory of 2616	2192	c235198fc0044f75de6594be9702f39d.exe	28
PID 2192 wrote to memory of 2616	2192	c235198fc0044f75de6594be9702f39d.exe	28
PID 2192 wrote to memory of 2616	2192	c235198fc0044f75de6594be9702f39d.exe	28
PID 2192 wrote to memory of 2616	2192	c235198fc0044f75de6594be9702f39d.exe	28
PID 2192 wrote to memory of 2616	2192	c235198fc0044f75de6594be9702f39d.exe	28
PID 2192 wrote to memory of 2616	2192	c235198fc0044f75de6594be9702f39d.exe	28
PID 2192 wrote to memory of 2616	2192	c235198fc0044f75de6594be9702f39d.exe	28
PID 2192 wrote to memory of 0	2192	c235198fc0044f75de6594be9702f39d.exe
PID 2192 wrote to memory of 0	2192	c235198fc0044f75de6594be9702f39d.exe
PID 2192 wrote to memory of 0	2192	c235198fc0044f75de6594be9702f39d.exe
PID 2192 wrote to memory of 0	2192	c235198fc0044f75de6594be9702f39d.exe

C:\Users\Admin\AppData\Local\Temp\c235198fc0044f75de6594be9702f39d.exe
"C:\Users\Admin\AppData\Local\Temp\c235198fc0044f75de6594be9702f39d.exe"
1⤵
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\c235198fc0044f75de6594be9702f39d.exe
  "C:\Users\Admin\AppData\Local\Temp\c235198fc0044f75de6594be9702f39d.exe"
  2⤵
  PID:2616

memory/2192-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2192-1-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2192-6-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2616-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2616-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2616-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2616-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download