f5913e753281dbdf88f36c73d13afbf4af62046e25f8e148e87a80e88818c4d7

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 20:55

Target

tmp.exe
Size

308KB
MD5

c60f5fa3a579bca2c8c377f7e15b2221
SHA1

d44b5c6dd64284f00d6f9d05cf5327a91cad9339
SHA256

f5913e753281dbdf88f36c73d13afbf4af62046e25f8e148e87a80e88818c4d7
SHA512

f419adf4bd07ce18d9b7de7445b2d0185653de27738fd4403f880ee11bf49ca8a1958c1b2c94f8f4c5da52ebc79462cfb6fe71849439f6af017a95b44af2f77b
SSDEEP

6144:DVa+NrJiVBc2wc6oKXwdUWFQg1SGWEWAMiY7ivtaqgntTZXHAYq7:J1NrJaBcOOiHWEWAMFKtdstTfq

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

tmp.exe

description pid process target process

PID 2032 set thread context of 1164 2032 tmp.exe RegAsm.exe

description	pid	process	target process
PID 2032 set thread context of 1164	2032	tmp.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe
PID 2032 wrote to memory of 1164	2032	tmp.exe	RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:1164

memory/1164-14-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1164-4-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1164-7-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1164-5-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1164-9-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1164-11-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1164-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1164-8-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1164-16-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2032-0-0x0000000000920000-0x0000000000974000-memory.dmp

Filesize
336KB

Download
memory/2032-6-0x00000000022D0000-0x00000000042D0000-memory.dmp

Filesize
32.0MB

Download
memory/2032-1-0x00000000745C0000-0x0000000074CAE000-memory.dmp

Filesize
6.9MB

Download
memory/2032-15-0x00000000745C0000-0x0000000074CAE000-memory.dmp

Filesize
6.9MB

Download