00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 22:17

Target

00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe
Size

10.7MB
MD5

0e758ce9675d69f18992143f069d4ed0
SHA1

1f6ffbd4a697a8a14c765285e321f5682855fa73
SHA256

00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938
SHA512

e497978142607534f1c827460a002fca249b02c5a1db14199aec1d59ea96670c1b5cc05554a5bb60e6a6a529f20f0d04de35f536e6402d45cce5e9a3ec4c3601
SSDEEP

49152:Fs4VosV2JHdvJmDzrYPaCGUpmZqcIN9UROZtdBvAMDp58uPFmpfiF8N8HV5A+ZjG:CO2JHrbPa6MvODd5kuIc0EdZ4EMW

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1720 set thread context of 2304	1720	00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe	28

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2304	1720	00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe	28
PID 1720 wrote to memory of 2304	1720	00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe	28
PID 1720 wrote to memory of 2304	1720	00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe	28
PID 1720 wrote to memory of 2304	1720	00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe	28
PID 1720 wrote to memory of 2304	1720	00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe	28
PID 1720 wrote to memory of 2304	1720	00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe	28

C:\Users\Admin\AppData\Local\Temp\00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe
"C:\Users\Admin\AppData\Local\Temp\00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  2⤵
  PID:2304

memory/1720-4-0x000000013FA60000-0x000000014056E000-memory.dmp

Filesize
11.1MB

Download
memory/1720-9-0x000000013FA60000-0x000000014056E000-memory.dmp

Filesize
11.1MB

Download
memory/2304-5-0x00000000000D0000-0x000000000011A000-memory.dmp

Filesize
296KB

Download
memory/2304-7-0x00000000000D0000-0x000000000011A000-memory.dmp

Filesize
296KB

Download
memory/2304-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2304-11-0x00000000000D0000-0x000000000011A000-memory.dmp

Filesize
296KB

Download
memory/2304-12-0x00000000000D0000-0x000000000011A000-memory.dmp

Filesize
296KB

Download