60590527a11cde51827a5534142be786eb4bd7781ffdcdd4515e2b9fd3200194

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 13:51

Target

QUOTE--GEI REF 2177700XX02400.exe
Size

1.1MB
MD5

33b7516bf609bb5f78b3fff6fbdc41c5
SHA1

560e020e292b8d70ddf723bd74f187035b8f4305
SHA256

60590527a11cde51827a5534142be786eb4bd7781ffdcdd4515e2b9fd3200194
SHA512

258ddad46f42c0be70a1733df3e68a530a643cdc3a8d6b9ff8b026c53c0541b0c19b6d8e8575bf1e4d7c30c17534abe0b3bce723f501be0582c30ce0fd0a93df
SSDEEP

24576:uAHnh+eWsN3skA4RV1Hom2KXMmHaukIUaVrMs+HJtI9VjMB5:Zh+ZkldoPK8YauPF9VG

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2484 set thread context of 2500	2484	QUOTE--GEI REF 2177700XX02400.exe	31

Suspicious behavior: EnumeratesProcesses 7 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2484	QUOTE--GEI REF 2177700XX02400.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2484	QUOTE--GEI REF 2177700XX02400.exe
2484	QUOTE--GEI REF 2177700XX02400.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2484	QUOTE--GEI REF 2177700XX02400.exe
2484	QUOTE--GEI REF 2177700XX02400.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2500	2484	QUOTE--GEI REF 2177700XX02400.exe	31
PID 2484 wrote to memory of 2500	2484	QUOTE--GEI REF 2177700XX02400.exe	31
PID 2484 wrote to memory of 2500	2484	QUOTE--GEI REF 2177700XX02400.exe	31
PID 2484 wrote to memory of 2500	2484	QUOTE--GEI REF 2177700XX02400.exe	31
PID 2484 wrote to memory of 2500	2484	QUOTE--GEI REF 2177700XX02400.exe	31

C:\Users\Admin\AppData\Local\Temp\QUOTE--GEI REF 2177700XX02400.exe
"C:\Users\Admin\AppData\Local\Temp\QUOTE--GEI REF 2177700XX02400.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\SysWOW64\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\QUOTE--GEI REF 2177700XX02400.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500

C:\Users\Admin\AppData\Local\Temp\Roca

Filesize
264KB

MD5
aa88f3e6dff0cfc6d09b1596504774b9

SHA1
01b8ebce47a5e5d78b58e840c12f1dbd4773096a

SHA256
c22397aa4aacd65b6e88ca017303ccdb46861fd98eeac4dfbdf8d14a1b4ba454

SHA512
c02982189578840d4352eae5d7813abc8453688afda90cb325a0ba7ba3ddcaae8a44b4554bba47e28b3d278a775c98eb8bb225514c1b42aafa6715738c2e4ba8

Download Submit
memory/2484-11-0x0000000000560000-0x0000000000564000-memory.dmp

Filesize
16KB

Download
memory/2500-12-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2500-13-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2500-14-0x0000000000720000-0x0000000000A23000-memory.dmp

Filesize
3.0MB

Download
memory/2500-15-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2500-16-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download