48bae1515ac732f33a6fbd725dfb29fe55132b1f446f0efa201c1ad10cf0b1f6

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 12:58

Target

Electronic Order.exe
Size

1.1MB
MD5

f44d956aa3a0c41f8e8ca7d9e9ead69c
SHA1

5d4cd96731237a1d8a8e03aa078b0bda9d2296a3
SHA256

48bae1515ac732f33a6fbd725dfb29fe55132b1f446f0efa201c1ad10cf0b1f6
SHA512

e61d7c0a4e9fe6ef74b9dcbd76c3b526af3931485cbdc4e04bf7e19077b5050eabda611b712b8f4189716236b1bab3f27c07ccd259a4bb721e77b43747c51df4
SSDEEP

24576:+AHnh+eWsN3skA4RV1Hom2KXMmHas5PNdmnDIZO2/wUcl5:ph+ZkldoPK8Yas51dmni/wUO

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2668 set thread context of 2940	2668	Electronic Order.exe	30

Suspicious behavior: EnumeratesProcesses 7 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2668	Electronic Order.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2940	2668	Electronic Order.exe	30
PID 2668 wrote to memory of 2940	2668	Electronic Order.exe	30
PID 2668 wrote to memory of 2940	2668	Electronic Order.exe	30
PID 2668 wrote to memory of 2940	2668	Electronic Order.exe	30
PID 2668 wrote to memory of 2940	2668	Electronic Order.exe	30

C:\Users\Admin\AppData\Local\Temp\Electronic Order.exe
"C:\Users\Admin\AppData\Local\Temp\Electronic Order.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\SysWOW64\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\Electronic Order.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940

C:\Users\Admin\AppData\Local\Temp\nondefinition

Filesize
279KB

MD5
225c61445560f7ae947612076f16befe

SHA1
05738dc23d0acc3670c14140eb0cd5de65aed67f

SHA256
80ccffb4eb2f7009b45dfda32f002c9c9acc3516a709def1758d4ba3a4b34b09

SHA512
736419bd099b969ea58376b8b8003ad7bec253b3199d0dc8cbf08abf3ca68f6f734032011ae36ea884ad3d3c2a21e7e917e26b84e37e8a0fa81000f2c6b6687e

Download Submit
memory/2668-11-0x00000000000A0000-0x00000000000A4000-memory.dmp

Filesize
16KB

Download
memory/2940-12-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2940-13-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2940-14-0x00000000009E0000-0x0000000000CE3000-memory.dmp

Filesize
3.0MB

Download
memory/2940-15-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2940-16-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download