b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 07:40

Target

b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c.exe
Size

552KB
MD5

10ad39451c6ed3f32747e7c7d101bf80
SHA1

4310b9475092fdacc9bf487fe4083878eb2bc78e
SHA256

b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c
SHA512

5c5ae68e29d1b50eb2c052ec9b88616ca687794224589aedb1747448672f86320145b10cad9661d7d742a6d52c1c5ca5920dd9a573af265e8dcb21576e4e25dd
SSDEEP

6144:E7IwczuqN4v3dJQBGHq2aIudHuWJ/MYjTcvC3OCtLE6AwEKWIpS7xh:E7TjqI/QBGHBaHuWnkUvtLJBWIo

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1368	cmd.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1708	b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c.exe
1708	b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1368	1708	b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c.exe	26
PID 1708 wrote to memory of 1368	1708	b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c.exe	26
PID 1708 wrote to memory of 1368	1708	b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c.exe	26
PID 1708 wrote to memory of 1368	1708	b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c.exe	26

C:\Users\Admin\AppData\Local\Temp\b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c.exe
"C:\Users\Admin\AppData\Local\Temp\b64e8b233c5bbb73a87b814f58f078ecf1ac3c7a6a47a845830f99b733488a9c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\btkfk.bat
  2⤵
  - Deletes itself
  PID:1368

C:\Users\Admin\AppData\Local\Temp\btkfk.bat

Filesize
249B

MD5
5a6159f4892a40f84de39532255c1b8a

SHA1
4d95c458601826eb0d7db044f93ec7c89892b98b

SHA256
955ba94b543f039a0738ad5d75fd04e6a7c0b24ac80911141bf4dcd2bbb78e0f

SHA512
532336ff5cfdd7ea272b7b8c52a89bbc795243d1f5d8045ba7f1e823e95a9f813fe2cf31c9fee3ad110659e74340813bbb760ee0d756798f8eaa85e7c5e1981d

Download Submit
memory/1368-55-0x0000000000000000-mapping.dmp

Download
memory/1708-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download