ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a

Analysis

max time kernel
145s
max time network
153s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
25-07-2022 04:30

Target

ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe
Size

6.9MB
MD5

3ff807c1b6c883fa9b1761bc1cc92912
SHA1

5e19eb1722cac026aaee4e61da7e0efb22e9c4a4
SHA256

ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a
SHA512

e029ba348829ddf573c36cf9d11415a2b49af4c6fe12c9563515cd8362fd7b5892982c5f473d9087f552cfd424c489d1a6890782187d0509c8574a5370e0d5eb

Score

7^/10

Drops startup file 2 IoCs

Processes:

cmd.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	cmd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	cmd.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe

description	pid	process	target process
PID 692 wrote to memory of 1092	692	ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe	cmd.exe
PID 692 wrote to memory of 1092	692	ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe	cmd.exe
PID 692 wrote to memory of 1092	692	ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe	cmd.exe
PID 692 wrote to memory of 1092	692	ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe
"C:\Users\Admin\AppData\Local\Temp\ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:692

C:\Windows\SysWOW64\cmd.exe
cmd /Q /C C:\Users\Admin\AppData\Local\Temp/s.bat
2⤵
- Drops startup file
PID:1092

C:\Users\Admin\AppData\Local\Temp\s.bat
Filesize
323B

MD5
bc8864d35caba8d3fa4cda31016d406d

SHA1
cd3cde62cbfd92ebde9b37ab8cb0139170cefe02

SHA256
6f7d7f2718f0ce24cdb23118d3f407052d8511f4a1ce1ea8d9fe0caa7cadd93b

SHA512
91ef338f22641671bc5a00575bfe5bc0b3fe26e0f71f839a50fb758d4b53534196b37877f0e095c240a7266a7cf00f834855a4a00768dc87f5f9ead6048f6b4c

Download Submit
memory/692-54-0x0000000075661000-0x0000000075663000-memory.dmp

Filesize
8KB

Download
memory/692-57-0x0000000000400000-0x0000000000AE4000-memory.dmp

Filesize
6.9MB

Download
memory/692-58-0x0000000000400000-0x0000000000AE4000-memory.dmp

Filesize
6.9MB

Download
memory/1092-55-0x0000000000000000-mapping.dmp

Download