746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f

Analysis

max time kernel
151s
max time network
164s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
31-07-2022 05:33

Target

746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f.exe
Size

6.3MB
MD5

943c2f3240b80c1388024e5c307a3f8a
SHA1

97bcdd8be04be157692d644bb4400192067adff2
SHA256

746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f
SHA512

a653b7ad1bbc7c360ca7fe6d861a9afa9e93a3f4749d94cbad492f8b7632fa6ab0e091b6265d3f2b7aed35dfa31305a5892267cc4dfb7b34e5fdbb13e35b4bda

Score

7^/10

Drops startup file 2 IoCs

Processes:

cmd.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	cmd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	cmd.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f.exe

description	pid	process	target process
PID 1504 wrote to memory of 1436	1504	746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f.exe	cmd.exe
PID 1504 wrote to memory of 1436	1504	746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f.exe	cmd.exe
PID 1504 wrote to memory of 1436	1504	746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f.exe	cmd.exe
PID 1504 wrote to memory of 1436	1504	746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f.exe
"C:\Users\Admin\AppData\Local\Temp\746e7bc0f23a47b91a9dc6a42819c263257ae3a3a187ddd8047d85113b71225f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1504

C:\Windows\SysWOW64\cmd.exe
cmd /Q /C C:\Users\Admin\AppData\Local\Temp/s.bat
2⤵
- Drops startup file
PID:1436

C:\Users\Admin\AppData\Local\Temp\s.bat
Filesize
323B

MD5
2f376f1dd08b5d2dbf6483c6bec7d4a3

SHA1
681de22b9f0e3bdd2b7dcf6aa902ba1b20066d88

SHA256
9f031267693a304076df587fd43eb8859ccc0c774ad91ec671e9bd0845e65330

SHA512
5a554ff112f73394e899d93fe7ed3d425f2251b2c2d29f6b23ca490dc4342b9f31cacc155359a6918384d0b7368bbeeb8b840552a386327e838746daa9d952d1

Download Submit
memory/1436-55-0x0000000000000000-mapping.dmp

Download
memory/1504-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download