053e7603d2776f39c17d74cd5a095d2fa4727ce019cb91274c135be4b9732358

Resubmissions

07-09-2022 19:58

03-08-2021 09:41

Target

Document.exe
Size

14.1MB
MD5

5210735409235c1aaf674fefddd33e35
SHA1

7c75657618cdeb21eedd587d960a608c4ead60f1
SHA256

053e7603d2776f39c17d74cd5a095d2fa4727ce019cb91274c135be4b9732358
SHA512

e382f86366f1a5dc7f665dd19e48410e69614cced4b5cb2deabec58e4b948906d34df42195010ea3a58e5c63579f042b0b6eb8e2f70c99d9b013d776f098985d

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

Document.exe

pid process

1824 Document.exe

pid	process
1824	Document.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Document.exe

description	pid	process	target process
PID 2020 wrote to memory of 1824	2020	Document.exe	Document.exe
PID 2020 wrote to memory of 1824	2020	Document.exe	Document.exe
PID 2020 wrote to memory of 1824	2020	Document.exe	Document.exe

C:\Users\Admin\AppData\Local\Temp\Document.exe
"C:\Users\Admin\AppData\Local\Temp\Document.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020

C:\Users\Admin\AppData\Local\Temp\Document.exe
"C:\Users\Admin\AppData\Local\Temp\Document.exe"
2⤵
- Loads dropped DLL
PID:1824

C:\Users\Admin\AppData\Local\Temp\_MEI20202\python39.dll
MD5
1d5e4c20a20740f38f061bdf48aaca4f

SHA1
de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0

SHA256
f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366

SHA512
9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20202\python39.dll
MD5
1d5e4c20a20740f38f061bdf48aaca4f

SHA1
de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0

SHA256
f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366

SHA512
9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397

Download Submit
memory/1824-59-0x0000000000000000-mapping.dmp

Download