4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 21:32

Target

4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe
Size

136KB
MD5

a05a2fdf807a6b18d792635645a92ae0
SHA1

a4a769555b99b34a16aa50046aa7a8b74f2cb9a2
SHA256

4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7
SHA512

56883cecdb465b4c26ae396b89c11f6855af031b6b501e399020f50ffd12ac9de4aa4b732d9decf2d1d453e56cb616de297b8b87ce34127610648d4f57afd028
SSDEEP

3072:TO3ZhHsio0tBGCzoRw1V6Cc49R/dMMMMMM2MMMMMZ1:TkhMipt0Czo218CRRVMMMMMM2MMMMM

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1852	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.com

Loads dropped DLL 2 IoCs

pid	Process
1424	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe
1424	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\kernel.dll	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe
File created	C:\Windows\kernel.dll	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe
File created	C:\Windows\svchost.exe	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe
File opened for modification	C:\Windows\svchost.exe	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1424	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 1852	1424	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe	26
PID 1424 wrote to memory of 1852	1424	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe	26
PID 1424 wrote to memory of 1852	1424	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe	26
PID 1424 wrote to memory of 1852	1424	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe	26
PID 1424 wrote to memory of 1260	1424	4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.exe	14

C:\Users\Admin\AppData\Local\Temp\4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.com

Filesize
59KB

MD5
091c14f4c71328d4316248a2421190de

SHA1
2f3645e24caee5898d086890752400d7c8862505

SHA256
3f7409a5f661c5a17068757d03a3b90f5c2688ae5391aed83fa1eb98a9ec28dc

SHA512
05cb01d25b509d26d77f873a0ae0f5e769175dc86acd777dbc24570e355443a28daa8b58846819ec3799e3f8928f9d9fc9674552f2d495d8b749797c8dc22d27

Download Submit
\Users\Admin\AppData\Local\Temp\4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.com

Filesize
59KB

MD5
091c14f4c71328d4316248a2421190de

SHA1
2f3645e24caee5898d086890752400d7c8862505

SHA256
3f7409a5f661c5a17068757d03a3b90f5c2688ae5391aed83fa1eb98a9ec28dc

SHA512
05cb01d25b509d26d77f873a0ae0f5e769175dc86acd777dbc24570e355443a28daa8b58846819ec3799e3f8928f9d9fc9674552f2d495d8b749797c8dc22d27

Download Submit
\Users\Admin\AppData\Local\Temp\4dbe94cc7008b1769b3f39a142e2296963af5d6e7f74d503028866a6639ed6f7.com

Filesize
59KB

MD5
091c14f4c71328d4316248a2421190de

SHA1
2f3645e24caee5898d086890752400d7c8862505

SHA256
3f7409a5f661c5a17068757d03a3b90f5c2688ae5391aed83fa1eb98a9ec28dc

SHA512
05cb01d25b509d26d77f873a0ae0f5e769175dc86acd777dbc24570e355443a28daa8b58846819ec3799e3f8928f9d9fc9674552f2d495d8b749797c8dc22d27

Download Submit
memory/1852-56-0x0000000000000000-mapping.dmp

Download