cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848

Analysis

max time kernel
1s
max time network
1s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 10:54

Target

cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe
Size

5.3MB
MD5

206143e841b34ab12185d24d4bc955f6
SHA1

c2e6bec1cf411dfbfddc2c82fe6feb521b228c6b
SHA256

cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848
SHA512

879fb9fc31c3f3a56cf9b78b71dbd5003172a14f5c98a001b16b25d1cf9600dfc49841771602c0909dd0560f1209152f11e7a0a2c09765b7f2c1d64b860e368d
SSDEEP

49152:2ulMTdOMTMOMTpOMTAOMTVMTpOMTAOMTyOMTVMTWOMTpOMTAOMTVMTpOMTAgMTt:2P

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1756	ydgjnpr.exe

Loads dropped DLL 2 IoCs

pid	Process
2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe
2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2044 set thread context of 1756	2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1756	2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	28
PID 2044 wrote to memory of 1756	2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	28
PID 2044 wrote to memory of 1756	2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	28
PID 2044 wrote to memory of 1756	2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	28
PID 2044 wrote to memory of 1756	2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	28
PID 2044 wrote to memory of 1756	2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	28
PID 2044 wrote to memory of 1756	2044	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	28

C:\Users\Admin\AppData\Local\Temp\cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe
"C:\Users\Admin\AppData\Local\Temp\cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\ydgjnpr.exe
  C:\Users\Admin\AppData\Local\Temp\ydgjnpr.exe
  2⤵
  - Executes dropped EXE
  PID:1756

C:\Users\Admin\AppData\Local\Temp\ydgjnpr.exe

Filesize
960KB

MD5
4fe8e581046370f591a9d9cab910debb

SHA1
6ab73903cb9b463a7c65f8d3b2ddfcf01b4b9ff3

SHA256
ef05b461627b28b49fbc463493ffda59d9f681e8d5c56f48b5a86fa1c755313f

SHA512
af188a76aa6cc5c501f4061b9683b497927fd000b945c50a7152a92f74c349d14f1aa8d624c262ce505b0bd140d2077b3f33c41ea9eca88771326089d878096e

Download Submit
\Users\Admin\AppData\Local\Temp\ydgjnpr.exe

Filesize
7.6MB

MD5
8bd783b8bbb8f42b456e9762b99ef93a

SHA1
86b9fca18b8a1913ddcf2ed4ebdc9f85129da086

SHA256
53b15ca647d13323c5c916a4debd4db179cf8384c286dcfffe973bee028f4d91

SHA512
eb097de17204d455759d6b5f987367b294b4572e2d86f41122ef4be2235509f01e542d55381c572c7e4bcbe8aaf6172664342ffb14c09fb5b144486b5860e6c2

Download Submit
\Users\Admin\AppData\Local\Temp\ydgjnpr.exe

Filesize
4.9MB

MD5
cfd7c61470257774fa03aae6c3569528

SHA1
f063448a7696c37e5ceb24d0e92be0e22107b99c

SHA256
faa8c5548013cf554b0a0b0981c1a4a824df8341a32c76253cd5963590fad9cf

SHA512
45a15386b676b45ffc3c642f50c2786746a604288a366186d90b438f5cb02fa24f679b597e8a3ec2aaa1d1669af779db26ea6ccb063aede9e96f71d3d057f60f

Download Submit
memory/1756-56-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/1756-58-0x0000000074C70000-0x0000000074DCE000-memory.dmp

Filesize
1.4MB

Download
memory/1756-60-0x0000000074C70000-0x0000000074DCE000-memory.dmp

Filesize
1.4MB

Download