0af544632e2cc3e5be94bd84af434e5d4b55d4bad3f2ceec49d35d115d52d1c4

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
27-03-2024 07:01

Target

e10ff90f1e24c603c82ba51647d41392.exe
Size

273KB
MD5

e10ff90f1e24c603c82ba51647d41392
SHA1

7d1596404b084b8859db5c222c5f55f2889498fe
SHA256

0af544632e2cc3e5be94bd84af434e5d4b55d4bad3f2ceec49d35d115d52d1c4
SHA512

b1abd6f5922f261ab7092012401fd4b65df8a5a3cde790da837b03ce6501539e3492349c4be1179aef994e0da21defd517f47163347996080d189b95795c0915
SSDEEP

6144:WuRZhZlwVePkSosvDTEkctOLqmdBuazoLAoRHB1to:NLlCu11vDTEk+mUOockto

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2080 set thread context of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28
PID 2080 wrote to memory of 1996	2080	e10ff90f1e24c603c82ba51647d41392.exe	28

C:\Users\Admin\AppData\Local\Temp\e10ff90f1e24c603c82ba51647d41392.exe
"C:\Users\Admin\AppData\Local\Temp\e10ff90f1e24c603c82ba51647d41392.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\e10ff90f1e24c603c82ba51647d41392.exe
  C:\Users\Admin\AppData\Local\Temp\e10ff90f1e24c603c82ba51647d41392.exe
  2⤵
  PID:1996

C:\Users\Admin\l.txt

Filesize
46B

MD5
907a28ee4113a7cf052001dc8ca2d0ef

SHA1
fc0c191c72207473550c9fbb8e964ef564ecda31

SHA256
d6b38f4432caaf0c63d964172c68e2eb1a2422ba6b31e06780809fc1593b578f

SHA512
5b0fcf57b24bf4d114d5f46ae32b3508e2471993cd545dea8174bd58aaec92183d46cf57b26fd6ac0927f920f818a1d7c29715d551e95c1cbe1046a078bbc769

Download Submit
memory/1996-0-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-2-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-4-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-6-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-8-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-9-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-10-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-12-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-18-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-20-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1996-24-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download