a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6

Analysis

max time kernel
35s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 14:23

Target

a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe
Size

232KB
MD5

a2d0e09295445e5a1bac3e94cbac5c20
SHA1

4a81335d74fc4a5f1d6577d67901788d599c49e9
SHA256

a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6
SHA512

b27e24a31b470cbdfec915ad1d4d7d4c5954673aac97ed7b778fc2bbec5d3aa533eb1f11b7019eaf2a0964af15ea15b09f2b531c158c858911eb36af4d179127
SSDEEP

6144:s4UHFnuDk67fe2olw9ay5NSDyDRO1thp:6luDk67HnSDyo1tj

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1236	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.com

Loads dropped DLL 2 IoCs

pid	Process
1348	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe
1348	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\kernel.dll	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe
File created	C:\Windows\kernel.dll	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe
File created	C:\Windows\svchost.exe	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1348	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1236	1348	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe	26
PID 1348 wrote to memory of 1236	1348	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe	26
PID 1348 wrote to memory of 1236	1348	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe	26
PID 1348 wrote to memory of 1236	1348	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe	26
PID 1348 wrote to memory of 1188	1348	a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.exe	15

C:\Users\Admin\AppData\Local\Temp\a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.com

Filesize
144KB

MD5
c68c485f66ecf9e83cad8a941d194656

SHA1
46d503f7a9cc7a70cb7422fda94f70d9c8ed9cbf

SHA256
3acc3d3505b3c9d11c89a9aa553e9644f1837122f98d8c7b669495016b38a868

SHA512
2bc446c667a056d414bcfb29db666981d65ce1ed372b2ccf813c035c98fe7787fbaaab08e050c76be1d365dccc3792ddcb05dde6a8ce6fd0e039c6c901e7dc02

Download Submit
\Users\Admin\AppData\Local\Temp\a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.com

Filesize
144KB

MD5
c68c485f66ecf9e83cad8a941d194656

SHA1
46d503f7a9cc7a70cb7422fda94f70d9c8ed9cbf

SHA256
3acc3d3505b3c9d11c89a9aa553e9644f1837122f98d8c7b669495016b38a868

SHA512
2bc446c667a056d414bcfb29db666981d65ce1ed372b2ccf813c035c98fe7787fbaaab08e050c76be1d365dccc3792ddcb05dde6a8ce6fd0e039c6c901e7dc02

Download Submit
\Users\Admin\AppData\Local\Temp\a80647468cf774e5870ce2a9fa8202b1e17d0cea546c638369eacfd6c07fcfe6.com

Filesize
144KB

MD5
c68c485f66ecf9e83cad8a941d194656

SHA1
46d503f7a9cc7a70cb7422fda94f70d9c8ed9cbf

SHA256
3acc3d3505b3c9d11c89a9aa553e9644f1837122f98d8c7b669495016b38a868

SHA512
2bc446c667a056d414bcfb29db666981d65ce1ed372b2ccf813c035c98fe7787fbaaab08e050c76be1d365dccc3792ddcb05dde6a8ce6fd0e039c6c901e7dc02

Download Submit
memory/1236-56-0x0000000000000000-mapping.dmp

Download