af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 04:09

Target

af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe
Size

257KB
MD5

18cfbe450747a2463e5a3fa1ee97e93f
SHA1

a178195fc92055ded0fd16bdd06fac82cbb567de
SHA256

af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8
SHA512

b3540904f339ef7db732288650ddcdd6b7d41fde8740d81f3031891f2cbbfe3ef8fd00b002c6c4adc2f6c30d8369f59bde56f27e538e55397acac0e2dc743c20
SSDEEP

6144:lH+2vhjfdSKB6XHABgukwVEfXym375ZtSZX:lH+eJCD

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

55555.exe

pid process

1396 55555.exe
Loads dropped DLL 1 IoCs

Processes:

af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe

pid process

1600 af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe

pid	process
1396	55555.exe

pid	process
1600	af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe

description	pid	process	target process
PID 1600 wrote to memory of 1396	1600	af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe	55555.exe
PID 1600 wrote to memory of 1396	1600	af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe	55555.exe
PID 1600 wrote to memory of 1396	1600	af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe	55555.exe
PID 1600 wrote to memory of 1396	1600	af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe	55555.exe

C:\Users\Admin\AppData\Local\Temp\55555.exe
"C:\Users\Admin\AppData\Local\Temp\55555.exe"
2⤵
- Executes dropped EXE
PID:1396

C:\Users\Admin\AppData\Local\Temp\55555.EXE

Filesize
27KB

MD5
92aed9e9f3dc5096f758ec14d309d861

SHA1
9030ccd3d95cff21b8e14d4a5da752ccd67c956b

SHA256
4fccbdf02c2330f4a93d407e1f6b4022b54b07e4066a1c5b3a7279b11a4aa11d

SHA512
5c8e128c3e3f21d931bfd3c5ee2a3363390266d472dc007d2a4e29b563a7df6f2611144d99f33d26ae3f6c883e35efd0554b9ebd8a391ff87422f1715f08a06e

Download Submit
C:\Users\Admin\AppData\Local\Temp\55555.exe

Filesize
27KB

MD5
92aed9e9f3dc5096f758ec14d309d861

SHA1
9030ccd3d95cff21b8e14d4a5da752ccd67c956b

SHA256
4fccbdf02c2330f4a93d407e1f6b4022b54b07e4066a1c5b3a7279b11a4aa11d

SHA512
5c8e128c3e3f21d931bfd3c5ee2a3363390266d472dc007d2a4e29b563a7df6f2611144d99f33d26ae3f6c883e35efd0554b9ebd8a391ff87422f1715f08a06e

Download Submit
\Users\Admin\AppData\Local\Temp\55555.EXE

Filesize
27KB

MD5
92aed9e9f3dc5096f758ec14d309d861

SHA1
9030ccd3d95cff21b8e14d4a5da752ccd67c956b

SHA256
4fccbdf02c2330f4a93d407e1f6b4022b54b07e4066a1c5b3a7279b11a4aa11d

SHA512
5c8e128c3e3f21d931bfd3c5ee2a3363390266d472dc007d2a4e29b563a7df6f2611144d99f33d26ae3f6c883e35efd0554b9ebd8a391ff87422f1715f08a06e

Download Submit
memory/1396-55-0x0000000000000000-mapping.dmp

Download
memory/1396-58-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1396-59-0x0000000074100000-0x00000000746AB000-memory.dmp

Filesize
5.7MB

Download
memory/1396-60-0x0000000074100000-0x00000000746AB000-memory.dmp

Filesize
5.7MB

Download