834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 14:24

Target

834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe
Size

652KB
MD5

a3315e6298e453ab3dfeaef056f4c6e0
SHA1

5b588a4e3cb9e65446d852ccd6fd7549ee72b282
SHA256

834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8
SHA512

b69c571505a57328ab3ab745183106602f37fd92804ffdf089f70cbfd9549bb03124ce09a6d5d9c617462c08f5118e76ac4de07a2f012d61c774ade445f5f2c6
SSDEEP

6144:s4UHFnuDk67fe2GzqOxLfPcvgKVPlw9ayXlw9ayK18CRRVMMMMMM2MMMMMs:6luDk67Sz3zKQeW1zRRaMMMMM2MMMMMs

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1480	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.com

Loads dropped DLL 2 IoCs

pid	Process
1448	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe
1448	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\kernel.dll	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe
File created	C:\Windows\svchost.exe	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe
File opened for modification	C:\Windows\kernel.dll	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1448	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 1480	1448	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe	27
PID 1448 wrote to memory of 1480	1448	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe	27
PID 1448 wrote to memory of 1480	1448	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe	27
PID 1448 wrote to memory of 1480	1448	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe	27
PID 1448 wrote to memory of 1392	1448	834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.exe	15

C:\Users\Admin\AppData\Local\Temp\834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.com

Filesize
564KB

MD5
6bef9ef5cea86e912afc3f4503f72242

SHA1
1af88ef3b8d83931c6e996f7a55dd0ae0882b6ca

SHA256
7d15d0205084f0c89baf56beec70d7a47bb69f1e4e38f3797d3e68106a56c2b9

SHA512
508bf048f83e9fab3b860582d64f1b7f271c3ffec5218c748cebd3d413f511d147f475bdd5ebe299d8b5db915e52f02c17a8a51d0c0db24e4bae9445bd2a24de

Download Submit
\Users\Admin\AppData\Local\Temp\834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.com

Filesize
564KB

MD5
6bef9ef5cea86e912afc3f4503f72242

SHA1
1af88ef3b8d83931c6e996f7a55dd0ae0882b6ca

SHA256
7d15d0205084f0c89baf56beec70d7a47bb69f1e4e38f3797d3e68106a56c2b9

SHA512
508bf048f83e9fab3b860582d64f1b7f271c3ffec5218c748cebd3d413f511d147f475bdd5ebe299d8b5db915e52f02c17a8a51d0c0db24e4bae9445bd2a24de

Download Submit
\Users\Admin\AppData\Local\Temp\834cbf2dc0af272b5b79ea08ad89d9df29c6d9e68c3a2bc5c99efc93cdb1c9a8.com

Filesize
564KB

MD5
6bef9ef5cea86e912afc3f4503f72242

SHA1
1af88ef3b8d83931c6e996f7a55dd0ae0882b6ca

SHA256
7d15d0205084f0c89baf56beec70d7a47bb69f1e4e38f3797d3e68106a56c2b9

SHA512
508bf048f83e9fab3b860582d64f1b7f271c3ffec5218c748cebd3d413f511d147f475bdd5ebe299d8b5db915e52f02c17a8a51d0c0db24e4bae9445bd2a24de

Download Submit
memory/1480-56-0x0000000000000000-mapping.dmp

Download