f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02

Analysis

max time kernel
26s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 21:34

Target

f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe
Size

840KB
MD5

a08f1a0a2062619197dba0a5f5837ad0
SHA1

de14bf3eea122feb67abc2e4d347a6fdf78984cb
SHA256

f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02
SHA512

98309d96cf0fbf2d6c2a4bc42b2485dc55ae0452b1792fc68b8730a859e30e1d7bdb24c1153bb4a7b15bfa14481b8bcfa00c5e4f8c9f14d1f6de1e6e4620428d
SSDEEP

24576:Lk62zVkUetVI5uyDyo1tj+4zVkUetVI5u0:kZustKOZu0

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1484	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.com

Loads dropped DLL 2 IoCs

pid	Process
1164	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe
1164	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe
File opened for modification	C:\Windows\kernel.dll	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe
File created	C:\Windows\kernel.dll	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1164	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1164 wrote to memory of 1484	1164	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe	28
PID 1164 wrote to memory of 1484	1164	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe	28
PID 1164 wrote to memory of 1484	1164	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe	28
PID 1164 wrote to memory of 1484	1164	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe	28
PID 1164 wrote to memory of 1432	1164	f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.exe	10

C:\Users\Admin\AppData\Local\Temp\f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.com

Filesize
752KB

MD5
d70ce10d06db39beec49357126393c9c

SHA1
76ecb2e121b944548cb7cdbcee68065f81224755

SHA256
46902f5ed9bf8923ea90c2ebad023b02b88df1610cc4a745a75bdbfd47113ec1

SHA512
1a5d1a4858f63655c6d757a215deeb43322ce93fec924a3edf256a3f457157f1301841bf5e75441657c4a42518fd5718702be74dff281488d9868a644d4ccd68

Download Submit
\Users\Admin\AppData\Local\Temp\f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.com

Filesize
752KB

MD5
d70ce10d06db39beec49357126393c9c

SHA1
76ecb2e121b944548cb7cdbcee68065f81224755

SHA256
46902f5ed9bf8923ea90c2ebad023b02b88df1610cc4a745a75bdbfd47113ec1

SHA512
1a5d1a4858f63655c6d757a215deeb43322ce93fec924a3edf256a3f457157f1301841bf5e75441657c4a42518fd5718702be74dff281488d9868a644d4ccd68

Download Submit
\Users\Admin\AppData\Local\Temp\f78581d238b443a09adf1bd03f620973ccd21f550a46e105f7f2c1893c159d02.com

Filesize
752KB

MD5
d70ce10d06db39beec49357126393c9c

SHA1
76ecb2e121b944548cb7cdbcee68065f81224755

SHA256
46902f5ed9bf8923ea90c2ebad023b02b88df1610cc4a745a75bdbfd47113ec1

SHA512
1a5d1a4858f63655c6d757a215deeb43322ce93fec924a3edf256a3f457157f1301841bf5e75441657c4a42518fd5718702be74dff281488d9868a644d4ccd68

Download Submit