cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728

Analysis

max time kernel
37s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 09:07

Target

cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe
Size

58KB
MD5

8a1c8b9257625dc89137a48768db699f
SHA1

8cab82dfadb5bcb283b7fe6055466f299cc396d8
SHA256

cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728
SHA512

3e6c412e0212ce03da8a7c3aa6f10691982c3a17739835205e285b96ced987ac6f6d2e09a75f932b18e2cca757bebdf3646f69b7da3466f81264e5dd7e5fd6b6
SSDEEP

1536:S2cpvCXtNdNFVQO/mDkRyIb+b0q5PUmvC/7VV0O:SN9bOu4b+l58mrO

Score

7^/10

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1936 cmd.exe
Drops file in System32 directory 1 IoCs

Processes:

cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe

description ioc process

File created C:\Windows\SysWOW64\Vag.tbl cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

464

pid	process
1936	cmd.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Vag.tbl	cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe

pid	process
464

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe

description	pid	process	target process
PID 1156 wrote to memory of 1936	1156	cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe	cmd.exe
PID 1156 wrote to memory of 1936	1156	cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe	cmd.exe
PID 1156 wrote to memory of 1936	1156	cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe	cmd.exe
PID 1156 wrote to memory of 1936	1156	cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe	cmd.exe

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\cdf199d8adaeb27fe4c68e79d6e9f252305dfcca21eb6d382ed379655d996728.exe"
2⤵
- Deletes itself
PID:1936

memory/1156-54-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1156-55-0x00000000750A1000-0x00000000750A3000-memory.dmp

Filesize
8KB

Download
memory/1156-57-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1936-56-0x0000000000000000-mapping.dmp

Download