57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 00:40

Target

57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe
Size

998KB
MD5

a0ba65825a8d5a55f71dbcc0be96e700
SHA1

a579080fc24f8f583daf04cc43dd9f677223b9db
SHA256

57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058
SHA512

f25fd97d2effd1e3b3813739409d6ab074bd02978c6fc891256d244e6051143a6a943f774800a090ce7c0a995df46ab56d0e2dc978de7d623dafb48a5b81bb97
SSDEEP

12288:6luDk67Sz3zKQeW1zRRaMMMMM2MMMMMr3zK:Lk6BK1zRRaMMMMM2MMMMMq

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
2032	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.com

Loads dropped DLL 2 IoCs

pid	Process
784	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe
784	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\kernel.dll	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe
File created	C:\Windows\kernel.dll	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe
File created	C:\Windows\svchost.exe	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
784	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 2032	784	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe	26
PID 784 wrote to memory of 2032	784	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe	26
PID 784 wrote to memory of 2032	784	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe	26
PID 784 wrote to memory of 2032	784	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe	26
PID 784 wrote to memory of 1360	784	57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.exe	18

C:\Users\Admin\AppData\Local\Temp\57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.com

Filesize
909KB

MD5
a4c05293ed820c17bcebe707e9725e00

SHA1
e44ad6d4dc9d8ec143214ffdf7a7b57e64ca1272

SHA256
5af86b6ddb173d97a8bef1b545d8035cf068e9a8a0f9049fe09ee42f8df76381

SHA512
962a413c848281bc2451eb1c94ee6f682b43927d4b67eef9c255cd93081477fcd16a2bef7049ad57e44a82f79ac6ecb3b0cd9e9a9b350ad33ff64eae254572dc

Download Submit
\Users\Admin\AppData\Local\Temp\57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.com

Filesize
909KB

MD5
a4c05293ed820c17bcebe707e9725e00

SHA1
e44ad6d4dc9d8ec143214ffdf7a7b57e64ca1272

SHA256
5af86b6ddb173d97a8bef1b545d8035cf068e9a8a0f9049fe09ee42f8df76381

SHA512
962a413c848281bc2451eb1c94ee6f682b43927d4b67eef9c255cd93081477fcd16a2bef7049ad57e44a82f79ac6ecb3b0cd9e9a9b350ad33ff64eae254572dc

Download Submit
\Users\Admin\AppData\Local\Temp\57576ab56da4d372eb0f6e92ad9ac5b07ee616e83811efcdfbafcc917d09b058.com

Filesize
909KB

MD5
a4c05293ed820c17bcebe707e9725e00

SHA1
e44ad6d4dc9d8ec143214ffdf7a7b57e64ca1272

SHA256
5af86b6ddb173d97a8bef1b545d8035cf068e9a8a0f9049fe09ee42f8df76381

SHA512
962a413c848281bc2451eb1c94ee6f682b43927d4b67eef9c255cd93081477fcd16a2bef7049ad57e44a82f79ac6ecb3b0cd9e9a9b350ad33ff64eae254572dc

Download Submit