a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d

Analysis

max time kernel
49s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 02:47

Target

a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe
Size

1.1MB
MD5

d93efcb98bdcbfdc11553b3db8e02589
SHA1

ef671718a742893fbe6072a1ed8b5fcb19f26255
SHA256

a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d
SHA512

319ea0b98f78500ef8d9588dfc44e0bb9ccfdd3e1dfe1f4e9ad939060983972ebb3c46c044bbcc40775520ecce86ec6c5c12c5b923b2fa0e6da9a39e8d28c175
SSDEEP

24576:bpAHnh+eWsN3skA4RV1Hom2KXMmHag4CACT/vCqXoH5:Eh+ZkldoPK8Yag4CdrTXQ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2488 set thread context of 1664	2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe	29

Suspicious behavior: EnumeratesProcesses 7 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe
2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe
2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1664	2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe	29
PID 2488 wrote to memory of 1664	2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe	29
PID 2488 wrote to memory of 1664	2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe	29
PID 2488 wrote to memory of 1664	2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe	29
PID 2488 wrote to memory of 1664	2488	a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe	29

C:\Users\Admin\AppData\Local\Temp\a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe
"C:\Users\Admin\AppData\Local\Temp\a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\a0e490d63bba611127cd814bdf3f25a22913862f884085fdfe9fc22e799eeb8d.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664

C:\Users\Admin\AppData\Local\Temp\vehiculation

Filesize
268KB

MD5
9f56eead9e0a90eb99002282ebf721f7

SHA1
4c70df444fe41a005da95bd58d90f1aebe7e442e

SHA256
2a5e7fafc0538ecbc4bf03bf7eee77d9d2cdc84c8f1071689b9e9adf3c6e5543

SHA512
c8da5039cc0c429081f51133a9ea4b53353e0993d1412eb079b5d1b51bb9c4eff0d16964e4ca5de0de42f0b9d13ffbfb348f4c56756df0197b0d50c5f28cfa65

Download Submit
memory/1664-12-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1664-13-0x0000000000970000-0x0000000000C73000-memory.dmp

Filesize
3.0MB

Download
memory/1664-14-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1664-15-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2488-11-0x00000000001A0000-0x00000000001A4000-memory.dmp

Filesize
16KB

Download