cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9

Analysis

max time kernel
106s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 13:31

Target

cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe
Size

98KB
MD5

51d4605af15709335bad5dfe6afabc88
SHA1

d5dbc7a210615a25fa804d34a00d8f77d8c396d5
SHA256

cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9
SHA512

25d5995b34f0e2590b51a93bc8d156f76f7dedc6b51160db23702ae10571066a3e32c5678767f746b2ddc0c52acbf91cbbe7b483e24ef4a2c19e27a6f332c1d0
SSDEEP

1536:1ZHY7vuR1I+sodbgCGd9b1qaWvq0ks99JgGz1oxfmr5pf7ZawiN1hNwzqL6uCC4:1ZHY7c9sMFS9JBWvrksXYUNpjxir+8J4

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1624	dducssptou

Loads dropped DLL 2 IoCs

pid	Process
1488	cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe
1488	cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 1624	1488	cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe	26
PID 1488 wrote to memory of 1624	1488	cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe	26
PID 1488 wrote to memory of 1624	1488	cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe	26
PID 1488 wrote to memory of 1624	1488	cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe	26

C:\Users\Admin\AppData\Local\Temp\cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe
"C:\Users\Admin\AppData\Local\Temp\cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1488
- \??\c:\users\admin\appdata\local\dducssptou
  "C:\Users\Admin\AppData\Local\Temp\cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe" a -sc:\users\admin\appdata\local\temp\cbf70a8b5ae80c8aca61da403345b02f70b3023dae21e0da2f7a6003ba4dc1e9.exe
  2⤵
  - Executes dropped EXE
  PID:1624

C:\Users\Admin\AppData\Local\dducssptou

Filesize
23.0MB

MD5
0352ec6a9fe23b77c8303dc602c1e372

SHA1
6633afa0ca69582718e24041171f3a04aa564108

SHA256
290f83b3f95e7237ae232074178110f8e1c8e55dc3e44bf2db042800c6ea9c21

SHA512
e00c32feb4cd6352e003414485d1d74941db72c1fab3fc0cede0a3507b8f444e288a4bfd6ff5ab97f375e6bc4deca7546436cd8fdcf5ac77ccc12e790cd6d213

Download Submit
\Users\Admin\AppData\Local\dducssptou

Filesize
23.0MB

MD5
0352ec6a9fe23b77c8303dc602c1e372

SHA1
6633afa0ca69582718e24041171f3a04aa564108

SHA256
290f83b3f95e7237ae232074178110f8e1c8e55dc3e44bf2db042800c6ea9c21

SHA512
e00c32feb4cd6352e003414485d1d74941db72c1fab3fc0cede0a3507b8f444e288a4bfd6ff5ab97f375e6bc4deca7546436cd8fdcf5ac77ccc12e790cd6d213

Download Submit
\Users\Admin\AppData\Local\dducssptou

Filesize
23.0MB

MD5
0352ec6a9fe23b77c8303dc602c1e372

SHA1
6633afa0ca69582718e24041171f3a04aa564108

SHA256
290f83b3f95e7237ae232074178110f8e1c8e55dc3e44bf2db042800c6ea9c21

SHA512
e00c32feb4cd6352e003414485d1d74941db72c1fab3fc0cede0a3507b8f444e288a4bfd6ff5ab97f375e6bc4deca7546436cd8fdcf5ac77ccc12e790cd6d213

Download Submit
memory/1488-54-0x0000000000400000-0x000000000044C926-memory.dmp

Filesize
306KB

Download
memory/1488-55-0x0000000000400000-0x000000000044C926-memory.dmp

Filesize
306KB

Download
memory/1624-60-0x0000000000400000-0x000000000044C926-memory.dmp

Filesize
306KB

Download
memory/1624-61-0x0000000000400000-0x000000000044C926-memory.dmp

Filesize
306KB

Download