5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 01:24

Target

5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe
Size

1.2MB
MD5

6bd9a4efaf3324d02ddd92ca1f327698
SHA1

a57c47d5631432018b31607c747e465bdd12204b
SHA256

5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739
SHA512

1a567f830a4518a136996bb04a48c9fe812741847f02beb5ba4f12b0765be85779d746c327644b93fa57962bbeadaea7f07e5dcd8139d176460b1796453b2d2e
SSDEEP

24576:jAHnh+eWsN3skA4RV1Hom2KXMmHagvKSmxq1ix6q54x5:uh+ZkldoPK8YagiSo08W

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2020 set thread context of 2168	2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe	28

Suspicious behavior: EnumeratesProcesses 7 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe
2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe
2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2168	2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe	28
PID 2020 wrote to memory of 2168	2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe	28
PID 2020 wrote to memory of 2168	2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe	28
PID 2020 wrote to memory of 2168	2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe	28
PID 2020 wrote to memory of 2168	2020	5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe	28

C:\Users\Admin\AppData\Local\Temp\5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe
"C:\Users\Admin\AppData\Local\Temp\5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\5203d24b1f41e1079742a8c489cfb151e35f79a01c7f75445c2106d4a5ccf739.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168

C:\Users\Admin\AppData\Local\Temp\carryover

Filesize
268KB

MD5
7885988bb9399f577b113c35ba75d6b4

SHA1
045bbc403472001bd19f435888556870c0a4ce49

SHA256
515e93c3949246f0f80a3d234913f0fda610aa71ce034817337062e33e4f913f

SHA512
4afd3243f89567fa0189f0afab93024fdd9ec134e66323f98f6e308d11ee1df830dfe152d6f2d22c451343802a838a632440425a9e8714a57153ce046cc4c6fb

Download Submit
memory/2020-11-0x0000000000260000-0x0000000000264000-memory.dmp

Filesize
16KB

Download
memory/2168-12-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2168-13-0x0000000000910000-0x0000000000C13000-memory.dmp

Filesize
3.0MB

Download
memory/2168-14-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2168-15-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download