ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 00:37

Target

ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe
Size

717KB
MD5

a0a14f4ec30ea7b4e6d99a163b58d920
SHA1

e5cb70bd970ff92e2e4339248153477c2aec9cc7
SHA256

ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0
SHA512

33732fff22d56400b4d3556561b52785d8a2596a0e7145184855e849d60f1fb82af40478fa98e46955f36b411a6c620ec377fb63dd5fded5ef8d34396d4fcc2a
SSDEEP

6144:s4UHFnuDk67fe2olw9ayyqOxLfPcvgKVivePPMqLckUet72FwBI+AFdb8Muclw9C:6luDk67HG3zKcaMVkUet7EwBI+APuXC

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1560	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.com

Loads dropped DLL 2 IoCs

pid	Process
1344	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe
1344	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\kernel.dll	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe
File created	C:\Windows\kernel.dll	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe
File created	C:\Windows\svchost.exe	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1344	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1560	1344	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe	26
PID 1344 wrote to memory of 1560	1344	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe	26
PID 1344 wrote to memory of 1560	1344	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe	26
PID 1344 wrote to memory of 1560	1344	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe	26
PID 1344 wrote to memory of 1188	1344	ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.exe	15

C:\Users\Admin\AppData\Local\Temp\ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.com

Filesize
629KB

MD5
845eefbe8a39a1f6d7b1b5fd8f49a8df

SHA1
a4c7e3414b1514ab1619e1d568b26f09177f5052

SHA256
98aa443038a0d106005cb086ed13c8fafb5eda20e56f7e895d2ac666d7658ced

SHA512
7e2469c1d6a9e2fe5a5bb9002aff41672e8c70e19f51e823cc29a19881a4ab619aaa45be91ce8d45cdc7357216e923df5500f150167dbc435d9309e2221f65eb

Download Submit
\Users\Admin\AppData\Local\Temp\ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.com

Filesize
629KB

MD5
845eefbe8a39a1f6d7b1b5fd8f49a8df

SHA1
a4c7e3414b1514ab1619e1d568b26f09177f5052

SHA256
98aa443038a0d106005cb086ed13c8fafb5eda20e56f7e895d2ac666d7658ced

SHA512
7e2469c1d6a9e2fe5a5bb9002aff41672e8c70e19f51e823cc29a19881a4ab619aaa45be91ce8d45cdc7357216e923df5500f150167dbc435d9309e2221f65eb

Download Submit
\Users\Admin\AppData\Local\Temp\ca1efe9db38768dbaca94dde9465d5ba9ef775b54addca78d9e2d13a241534d0.com

Filesize
629KB

MD5
845eefbe8a39a1f6d7b1b5fd8f49a8df

SHA1
a4c7e3414b1514ab1619e1d568b26f09177f5052

SHA256
98aa443038a0d106005cb086ed13c8fafb5eda20e56f7e895d2ac666d7658ced

SHA512
7e2469c1d6a9e2fe5a5bb9002aff41672e8c70e19f51e823cc29a19881a4ab619aaa45be91ce8d45cdc7357216e923df5500f150167dbc435d9309e2221f65eb

Download Submit