0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536

Analysis

max time kernel
112s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 09:45

Target

0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe
Size

96KB
MD5

209bad0e623e0ef809563c851005f298
SHA1

498c4ec29c64c62c7eeb4c8a5b82df795d6a5909
SHA256

0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536
SHA512

86bfb1905a6859431b88213ae6099f526cfedc362ae65c1c679ccffeceffbd8cbb6ede8fa7bbef18b0a6d2c041871260abf00e2316e182f675344cbabd1d1c22
SSDEEP

1536:CMFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prRmw2tRs/yn:CeS4jHS8q/3nTzePCwNUh4E9Rmw2Qyn

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1376	egfpslwoqm

Loads dropped DLL 2 IoCs

pid	Process
1636	0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe
1636	0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1376	1636	0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe	27
PID 1636 wrote to memory of 1376	1636	0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe	27
PID 1636 wrote to memory of 1376	1636	0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe	27
PID 1636 wrote to memory of 1376	1636	0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe	27

C:\Users\Admin\AppData\Local\Temp\0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe
"C:\Users\Admin\AppData\Local\Temp\0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1636
- \??\c:\users\admin\appdata\local\egfpslwoqm
  "C:\Users\Admin\AppData\Local\Temp\0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe" a -sc:\users\admin\appdata\local\temp\0c36d1425d56c6429df3b4a31490f0e246ff17cf38b2196180c293a916dfb536.exe
  2⤵
  - Executes dropped EXE
  PID:1376

C:\Users\Admin\AppData\Local\egfpslwoqm

Filesize
23.8MB

MD5
11755a917f5182f6f7c51316530a10e8

SHA1
9ba5fb3693c070c4f242c03f8eba09ef5df72d8d

SHA256
eac9227aa3ad77e96de506c3599e89a07ebb1743e6e3aa70a831acfbefd56ae7

SHA512
9869565f8bfca09a614125ae9c1f5eb3d0f963865722c9c450762d85860e80acbeec493da1717e4a5651ffab63a3b9ba1c1ffa8d80f1709f54cca7d08f73985b

Download Submit
\Users\Admin\AppData\Local\egfpslwoqm

Filesize
23.8MB

MD5
11755a917f5182f6f7c51316530a10e8

SHA1
9ba5fb3693c070c4f242c03f8eba09ef5df72d8d

SHA256
eac9227aa3ad77e96de506c3599e89a07ebb1743e6e3aa70a831acfbefd56ae7

SHA512
9869565f8bfca09a614125ae9c1f5eb3d0f963865722c9c450762d85860e80acbeec493da1717e4a5651ffab63a3b9ba1c1ffa8d80f1709f54cca7d08f73985b

Download Submit
\Users\Admin\AppData\Local\egfpslwoqm

Filesize
23.8MB

MD5
11755a917f5182f6f7c51316530a10e8

SHA1
9ba5fb3693c070c4f242c03f8eba09ef5df72d8d

SHA256
eac9227aa3ad77e96de506c3599e89a07ebb1743e6e3aa70a831acfbefd56ae7

SHA512
9869565f8bfca09a614125ae9c1f5eb3d0f963865722c9c450762d85860e80acbeec493da1717e4a5651ffab63a3b9ba1c1ffa8d80f1709f54cca7d08f73985b

Download Submit
memory/1376-60-0x0000000000400000-0x000000000044E34C-memory.dmp

Filesize
312KB

Download
memory/1376-61-0x0000000000400000-0x000000000044E34C-memory.dmp

Filesize
312KB

Download
memory/1636-54-0x0000000000400000-0x000000000044E34C-memory.dmp

Filesize
312KB

Download
memory/1636-55-0x0000000000400000-0x000000000044E34C-memory.dmp

Filesize
312KB

Download