8a78613678a02abb2b69690d0a9dd333f763775a3bdd605e46eb1e91c64f7614

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 09:00

Target

MalwareBazaar.exe
Size

2.0MB
MD5

c90f50282b5f1d8189e28114d8461612
SHA1

065ef768270acd080cfffe3b6ff76335c2565e84
SHA256

8a78613678a02abb2b69690d0a9dd333f763775a3bdd605e46eb1e91c64f7614
SHA512

ddcef4cf99fb1c7c792e7730a2b7a4cb0cd5d99ddc264c858d07609fec344af3433286b0b389e0bb6fc9c542b40be71abd581e874bf04062b0bef37103e76b2e
SSDEEP

49152:ySJChpoK4czru6sRSnin2+zcRARaKpOB0IGb8sj5ip0PkNG3W+mtdIu:+rhUEwfvc

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2900 set thread context of 2988	2900	MalwareBazaar.exe	32

Suspicious behavior: EnumeratesProcesses 7 IoCs

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 3028	2900	MalwareBazaar.exe	31
PID 2900 wrote to memory of 3028	2900	MalwareBazaar.exe	31
PID 2900 wrote to memory of 3028	2900	MalwareBazaar.exe	31
PID 2900 wrote to memory of 3028	2900	MalwareBazaar.exe	31
PID 2900 wrote to memory of 3028	2900	MalwareBazaar.exe	31
PID 2900 wrote to memory of 3028	2900	MalwareBazaar.exe	31
PID 2900 wrote to memory of 3028	2900	MalwareBazaar.exe	31
PID 2900 wrote to memory of 2988	2900	MalwareBazaar.exe	32
PID 2900 wrote to memory of 2988	2900	MalwareBazaar.exe	32
PID 2900 wrote to memory of 2988	2900	MalwareBazaar.exe	32
PID 2900 wrote to memory of 2988	2900	MalwareBazaar.exe	32
PID 2900 wrote to memory of 2988	2900	MalwareBazaar.exe	32
PID 2900 wrote to memory of 2988	2900	MalwareBazaar.exe	32
PID 2900 wrote to memory of 2988	2900	MalwareBazaar.exe	32

C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
"C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
  2⤵
  PID:3028
- C:\Program Files (x86)\Windows Mail\wab.exe
  "C:\Program Files (x86)\Windows Mail\wab.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988

memory/2988-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2988-1-0x0000000000840000-0x0000000000B43000-memory.dmp

Filesize
3.0MB

Download
memory/2988-2-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2988-3-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download