f8840621ccce4e993283ac91d322c35cacd42619856477e057eac1cb1127bd6b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 23:51

Target

Loader.exe
Size

3.1MB
MD5

b3fad209b07f4d66570c24a40f30d5c7
SHA1

0bd9c9aee1eafebdb435593c393392753b879e0f
SHA256

f8840621ccce4e993283ac91d322c35cacd42619856477e057eac1cb1127bd6b
SHA512

6188bde615cc58ee74ab37146ba4b4db26e33d8a74adbd17efb4b43282ddf014f67cb68ab44f47ae91eeedecad4a1ac5f56141b72e1193c94881997f713eefd1
SSDEEP

24576:qiiadv30/H2HYi9PnBivY2w66eCIuZLBQZh+Bt5THuO1GJYS6O0/shnaoN4DmAOs:UM0f2HpCrwTeYBNqO1GJYSISsMQ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2396 set thread context of 840	2396	Loader.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 840	2396	Loader.exe	30
PID 2396 wrote to memory of 840	2396	Loader.exe	30
PID 2396 wrote to memory of 840	2396	Loader.exe	30
PID 2396 wrote to memory of 840	2396	Loader.exe	30

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\Loader.exe
  "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
  2⤵
  PID:840

memory/840-0-0x000007FFFFFDF000-0x000007FFFFFE0000-memory.dmp

Filesize
4KB

Download