dbd9cfa3d9b4e482ee79e7726e95168a5e27bb0482a0e4744a1e1c56d75f1c32

Analysis

Target

ebook.exe.org.exe
Size

28.2MB
MD5

07f79b595254bd60ccec7561e858de35
SHA1

6199b33c52351cdc5d6cd1b61bb9f3602c9eb799
SHA256

dbd9cfa3d9b4e482ee79e7726e95168a5e27bb0482a0e4744a1e1c56d75f1c32
SHA512

6ca0a66adebe69b10e2c79f75441f264e8481d481731ba3bde0ee522f64761558fc74739a1a43b411708d0c6169a92167febd490a0cd96693236de29fc37362b

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

ebook.exe.org.tmp

pid process

3976 ebook.exe.org.tmp

pid	process
3976	ebook.exe.org.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ebook.exe.org.exe

description	pid	process	target process
PID 3024 wrote to memory of 3976	3024	ebook.exe.org.exe	ebook.exe.org.tmp
PID 3024 wrote to memory of 3976	3024	ebook.exe.org.exe	ebook.exe.org.tmp
PID 3024 wrote to memory of 3976	3024	ebook.exe.org.exe	ebook.exe.org.tmp

C:\Users\Admin\AppData\Local\Temp\ebook.exe.org.exe
"C:\Users\Admin\AppData\Local\Temp\ebook.exe.org.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Users\Admin\AppData\Local\Temp\is-SQV10.tmp\ebook.exe.org.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SQV10.tmp\ebook.exe.org.tmp" /SL5="$30116,28982256,486912,C:\Users\Admin\AppData\Local\Temp\ebook.exe.org.exe"
  2⤵
  - Executes dropped EXE
  PID:3976

C:\Users\Admin\AppData\Local\Temp\is-SQV10.tmp\ebook.exe.org.tmp

MD5
b6ea91910145dacd1a87fba52b5fa76e

SHA1
c8c557fcaf3e6e7274633dfb5576a9cfda2635c4

SHA256
9141bdb8993c54e6e80b0fd38dee61203988743525344dc6579d67c140511c6c

SHA512
e6fcd6c72256dc7ce7aaa50108388af6a9fb8e458e173abbee1e64791d85bb76dab5d924b35b00a5a18f2c3735041bed44dba115fb534e45f4fdfaaabc5ad9d2

Download Submit
memory/3024-122-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3976-120-0x0000000000000000-mapping.dmp

Download
memory/3976-123-0x00000000006D0000-0x000000000081A000-memory.dmp

Filesize
1.3MB

Download