7d233935547785aa757807b0a483b8ac5fe9195297f0fc0f53d29931b9dbbfda

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 17:55

Target

tmp.exe
Size

308KB
MD5

d05ddc72d9c4fae1ee83e9ac16275afc
SHA1

852e1078974794aeaa40a74201efce257987be2c
SHA256

7d233935547785aa757807b0a483b8ac5fe9195297f0fc0f53d29931b9dbbfda
SHA512

3b0f662f28fa449146159da4821e0f6004edb57506159f8ac2bedd8a45e771bcfcb696c2f6a59a1df0c80099bb83c6a7d11542280ff411bba2397799a943a587
SSDEEP

6144:j11lb/L51L7HCaspEUi48UgZUbTtg/N0inheNH1e8EtlcjItq0a0:x/X/f418UgZUG10iOVM0

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

tmp.exe

description pid process target process

PID 844 set thread context of 764 844 tmp.exe RegAsm.exe

description	pid	process	target process
PID 844 set thread context of 764	844	tmp.exe	RegAsm.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe
PID 844 wrote to memory of 764	844	tmp.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:764

memory/764-8-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/764-5-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/764-6-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/764-7-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/764-9-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/764-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/764-11-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/764-14-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/764-16-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/844-0-0x00000000011B0000-0x0000000001204000-memory.dmp

Filesize
336KB

Download
memory/844-4-0x0000000002610000-0x0000000004610000-memory.dmp

Filesize
32.0MB

Download
memory/844-1-0x0000000074AA0000-0x000000007518E000-memory.dmp

Filesize
6.9MB

Download
memory/844-15-0x0000000074AA0000-0x000000007518E000-memory.dmp

Filesize
6.9MB

Download