6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e

Analysis

max time kernel
107s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 23:06

Target

6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe
Size

95KB
MD5

56945803017bb98f3dd21a822b015bbe
SHA1

a65c214220c9342f9e3653342a50f94410411cf4
SHA256

6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e
SHA512

3ca5e1c8e848152992451924e80c4d4c3849116103dc602c0d80d7cd70b6d5d648646c94106a7499863de245dbee455301a97a7dea2572258c11c159c794836e
SSDEEP

1536:fHFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prnMW5mb5EOx:fxS4jHS8q/3nTzePCwNUh4E9nWbGOx

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1352	enjjfrdysn

Loads dropped DLL 2 IoCs

pid	Process
1504	6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe
1504	6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1352	1504	6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe	26
PID 1504 wrote to memory of 1352	1504	6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe	26
PID 1504 wrote to memory of 1352	1504	6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe	26
PID 1504 wrote to memory of 1352	1504	6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe	26

C:\Users\Admin\AppData\Local\Temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe
"C:\Users\Admin\AppData\Local\Temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1504
- \??\c:\users\admin\appdata\local\enjjfrdysn
  "C:\Users\Admin\AppData\Local\Temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe" a -sc:\users\admin\appdata\local\temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe
  2⤵
  - Executes dropped EXE
  PID:1352

C:\Users\Admin\AppData\Local\enjjfrdysn

Filesize
20.1MB

MD5
40b710e6af03cfebf68a1506d1c5f186

SHA1
df67d6da79d48255a7f0043f666897e577530465

SHA256
2a02d2821123bf5fa477e1d6fc61810020ea41d74c6b8a25393e2a9788efb8f1

SHA512
790d047894acaef52337f4813a98b6ab26bf54f7baf50be01e3884395115cc713730f366466596105a663dae59e5d9ef5c77dc6f6437e0a33031558e5a353ded

Download Submit
\Users\Admin\AppData\Local\enjjfrdysn

Filesize
20.1MB

MD5
40b710e6af03cfebf68a1506d1c5f186

SHA1
df67d6da79d48255a7f0043f666897e577530465

SHA256
2a02d2821123bf5fa477e1d6fc61810020ea41d74c6b8a25393e2a9788efb8f1

SHA512
790d047894acaef52337f4813a98b6ab26bf54f7baf50be01e3884395115cc713730f366466596105a663dae59e5d9ef5c77dc6f6437e0a33031558e5a353ded

Download Submit
\Users\Admin\AppData\Local\enjjfrdysn

Filesize
20.1MB

MD5
40b710e6af03cfebf68a1506d1c5f186

SHA1
df67d6da79d48255a7f0043f666897e577530465

SHA256
2a02d2821123bf5fa477e1d6fc61810020ea41d74c6b8a25393e2a9788efb8f1

SHA512
790d047894acaef52337f4813a98b6ab26bf54f7baf50be01e3884395115cc713730f366466596105a663dae59e5d9ef5c77dc6f6437e0a33031558e5a353ded

Download Submit
memory/1352-60-0x0000000000400000-0x000000000044E348-memory.dmp

Filesize
312KB

Download
memory/1352-61-0x0000000000400000-0x000000000044E348-memory.dmp

Filesize
312KB

Download
memory/1504-54-0x0000000000400000-0x000000000044E348-memory.dmp

Filesize
312KB

Download
memory/1504-55-0x0000000000400000-0x000000000044E348-memory.dmp

Filesize
312KB

Download