d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75

Analysis

max time kernel
34s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 21:34

Target

d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe
Size

990KB
MD5

a00551c4cb5abd448c32bbc7314eab10
SHA1

8fc07ef5ae5134fbdd5b98a6bc2bd4048251743a
SHA256

d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75
SHA512

d08bcfe8b8574d8e1e85ecdb9486e13c324a58a7104e82491afb8c03ca4fbc167f359a72a59b0896b59c93016f9229d0871ddd91bbdb8b47787c36db32bbb331
SSDEEP

12288:6luDk67Sz3zKQeW1zRRaMMMMM2MMMMMu3zK:Lk6BK1zRRaMMMMM2MMMMMv

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1400	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.com

Loads dropped DLL 2 IoCs

pid	Process
1948	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe
1948	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\kernel.dll	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe
File created	C:\Windows\svchost.exe	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe
File opened for modification	C:\Windows\kernel.dll	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1948	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1400	1948	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe	28
PID 1948 wrote to memory of 1400	1948	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe	28
PID 1948 wrote to memory of 1400	1948	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe	28
PID 1948 wrote to memory of 1400	1948	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe	28
PID 1948 wrote to memory of 1224	1948	d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.exe	15

C:\Users\Admin\AppData\Local\Temp\d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.com

Filesize
901KB

MD5
6e0b406ef1b4c2127be508d18ae5e41b

SHA1
3666a8616837996475b28e3421ab5583a5b6c0f3

SHA256
75c5ff7112293f477e2ab7e23caa76f2cd1b685192198f4ef5d87a0de275d0c9

SHA512
0e6531f332cdf587a9741af1f4930d7e8eb7e9f2a76e829b571bd7cd1252228d95c7f2e2196340a3237632ab93fbe9214a4a90c4d6f1b832a07deed4dad4b327

Download Submit
\Users\Admin\AppData\Local\Temp\d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.com

Filesize
901KB

MD5
6e0b406ef1b4c2127be508d18ae5e41b

SHA1
3666a8616837996475b28e3421ab5583a5b6c0f3

SHA256
75c5ff7112293f477e2ab7e23caa76f2cd1b685192198f4ef5d87a0de275d0c9

SHA512
0e6531f332cdf587a9741af1f4930d7e8eb7e9f2a76e829b571bd7cd1252228d95c7f2e2196340a3237632ab93fbe9214a4a90c4d6f1b832a07deed4dad4b327

Download Submit
\Users\Admin\AppData\Local\Temp\d17dba538f6013f938de4e78658469e9c1384d265f12c5754b50be5abd3d9e75.com

Filesize
901KB

MD5
6e0b406ef1b4c2127be508d18ae5e41b

SHA1
3666a8616837996475b28e3421ab5583a5b6c0f3

SHA256
75c5ff7112293f477e2ab7e23caa76f2cd1b685192198f4ef5d87a0de275d0c9

SHA512
0e6531f332cdf587a9741af1f4930d7e8eb7e9f2a76e829b571bd7cd1252228d95c7f2e2196340a3237632ab93fbe9214a4a90c4d6f1b832a07deed4dad4b327

Download Submit
memory/1400-56-0x0000000000000000-mapping.dmp

Download