c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 00:38

Target

c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe
Size

316KB
MD5

a10ce15fb25f628ee933118cfd456234
SHA1

bf96c8d429a369b5cc8e71a851c92113a8a6a937
SHA256

c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1
SHA512

bba27ba2ed7e9b81a099c26299825507e5eda6289e0eccaf9e80a6d5dcd932cdb05bb449cbcd4fb7a2cf264a348b34a3b724a3709857cf740c3f67ed4c2b3988
SSDEEP

6144:s4UHFnuDk67fe2olw9ayrNSDyDRO1thpl:6luDk67HNSDyo1tjl

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1240	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.com

Loads dropped DLL 2 IoCs

pid	Process
580	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe
580	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe
File opened for modification	C:\Windows\kernel.dll	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe
File created	C:\Windows\kernel.dll	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
580	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 580 wrote to memory of 1240	580	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe	28
PID 580 wrote to memory of 1240	580	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe	28
PID 580 wrote to memory of 1240	580	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe	28
PID 580 wrote to memory of 1240	580	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe	28
PID 580 wrote to memory of 1216	580	c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.exe	13

C:\Users\Admin\AppData\Local\Temp\c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.com

Filesize
228KB

MD5
0fd4f1f5bd644287c7656a939fa49441

SHA1
f94d6df6f0c1c4d1503ae2aebda86bcbb0b10f64

SHA256
7f0a9ec03f7d1cb52141c0376e3f22d188cd4e8aa53107dd25535f348dc05c1f

SHA512
ba377217ee10b50e2120999393e5dffa95705edf82f554c3dcd61aceb05437398a3f0a343aa448a1fbd4541f347d91fcfb11af7db38600d31c41c4764ca94da4

Download Submit
\Users\Admin\AppData\Local\Temp\c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.com

Filesize
228KB

MD5
0fd4f1f5bd644287c7656a939fa49441

SHA1
f94d6df6f0c1c4d1503ae2aebda86bcbb0b10f64

SHA256
7f0a9ec03f7d1cb52141c0376e3f22d188cd4e8aa53107dd25535f348dc05c1f

SHA512
ba377217ee10b50e2120999393e5dffa95705edf82f554c3dcd61aceb05437398a3f0a343aa448a1fbd4541f347d91fcfb11af7db38600d31c41c4764ca94da4

Download Submit
\Users\Admin\AppData\Local\Temp\c141b6f54e69798308d0f99a2a5694037c267013852e052a0a294a457d91bfd1.com

Filesize
228KB

MD5
0fd4f1f5bd644287c7656a939fa49441

SHA1
f94d6df6f0c1c4d1503ae2aebda86bcbb0b10f64

SHA256
7f0a9ec03f7d1cb52141c0376e3f22d188cd4e8aa53107dd25535f348dc05c1f

SHA512
ba377217ee10b50e2120999393e5dffa95705edf82f554c3dcd61aceb05437398a3f0a343aa448a1fbd4541f347d91fcfb11af7db38600d31c41c4764ca94da4

Download Submit