ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 01:53

Target

ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe
Size

1.1MB
MD5

61104e412f7a99b92790e419e8284ade
SHA1

8ac508795bbcf83aa3ff22e946dab8d51c797953
SHA256

ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25
SHA512

cfd97389d98700ea15a979282fceb197dfc6484eeeb5df5515665a9c984d122c1a05a2ecbd9a61323f8c7e80f14236b324a42a6537913ec77af3c057a2427d55
SSDEEP

24576:qAHnh+eWsN3skA4RV1Hom2KXMmHaNbn66Ng7AGOBy5:9h+ZkldoPK8YaNbnd0

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2176 set thread context of 2724	2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	28

Suspicious behavior: EnumeratesProcesses 7 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe
2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe
2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2724	2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	28
PID 2176 wrote to memory of 2724	2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	28
PID 2176 wrote to memory of 2724	2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	28
PID 2176 wrote to memory of 2724	2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	28
PID 2176 wrote to memory of 2724	2176	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	28

C:\Users\Admin\AppData\Local\Temp\ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe
"C:\Users\Admin\AppData\Local\Temp\ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724

C:\Users\Admin\AppData\Local\Temp\intemeration

Filesize
268KB

MD5
9d12ccc396ee7101c8b3f0993c9288d4

SHA1
edf09a5f61df60cfd6b80382fe2d19e0afefdf7b

SHA256
cb42b3f306f3ab2aa19d594765a476dcacce4e7db56d09d183bb0822d643a712

SHA512
badf1ac3443fadf5cf5baa6b228d4a9add53aeea94f45cc1b3acd54fd8953d33480aaa7325e4a5f32a9850716c2fcf3aeb31114aa502719846d61aeaf370db35

Download Submit
memory/2176-11-0x0000000000160000-0x0000000000164000-memory.dmp

Filesize
16KB

Download
memory/2724-12-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2724-13-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2724-14-0x00000000008C0000-0x0000000000BC3000-memory.dmp

Filesize
3.0MB

Download
memory/2724-15-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download