91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a

Analysis

max time kernel
108s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 00:46

Target

91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe
Size

96KB
MD5

774e1e7ca57509d3dd62dee398482e1c
SHA1

1138c5f397da6e2cf071d388e161dce5f58e202a
SHA256

91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a
SHA512

f8995008a2a47796915c0e4404ba7a06e922a6e6592094e5f4980e439d06bc66ef63087976834c5510c9334515c24bd154ee2b76be9aaf9bde18025b71a9047d
SSDEEP

1536:jNFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prRopHus:jzS4jHS8q/3nTzePCwNUh4E9qOs

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
820	dcgvrvubvn

Loads dropped DLL 2 IoCs

pid	Process
948	91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe
948	91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 820	948	91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe	28
PID 948 wrote to memory of 820	948	91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe	28
PID 948 wrote to memory of 820	948	91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe	28
PID 948 wrote to memory of 820	948	91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe	28

C:\Users\Admin\AppData\Local\Temp\91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe
"C:\Users\Admin\AppData\Local\Temp\91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:948
- \??\c:\users\admin\appdata\local\dcgvrvubvn
  "C:\Users\Admin\AppData\Local\Temp\91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe" a -sc:\users\admin\appdata\local\temp\91b7df07f5dbf04cf0b9a263249ef70cc4e9e2ae194b5a3adcc62e8c487f5d6a.exe
  2⤵
  - Executes dropped EXE
  PID:820

C:\Users\Admin\AppData\Local\dcgvrvubvn

Filesize
19.9MB

MD5
bd29423a1cc13289b6cbec911c8fff0c

SHA1
c20f23598c8c85d6a3dd9d015e3f7e9845ec5b7c

SHA256
71528cd41de0c7ed75d3a447a5f686688d6878a066861edec9925bb803644b04

SHA512
02daee33cf3c362aa6bf99ef6aaddd0ea60ca54c028dad9b15da679f540198553822efaccbf96250748fa141df3f5ffc032587fd1de5edab242d5ad95ee7b205

Download Submit
\Users\Admin\AppData\Local\dcgvrvubvn

Filesize
19.9MB

MD5
bd29423a1cc13289b6cbec911c8fff0c

SHA1
c20f23598c8c85d6a3dd9d015e3f7e9845ec5b7c

SHA256
71528cd41de0c7ed75d3a447a5f686688d6878a066861edec9925bb803644b04

SHA512
02daee33cf3c362aa6bf99ef6aaddd0ea60ca54c028dad9b15da679f540198553822efaccbf96250748fa141df3f5ffc032587fd1de5edab242d5ad95ee7b205

Download Submit
\Users\Admin\AppData\Local\dcgvrvubvn

Filesize
19.9MB

MD5
bd29423a1cc13289b6cbec911c8fff0c

SHA1
c20f23598c8c85d6a3dd9d015e3f7e9845ec5b7c

SHA256
71528cd41de0c7ed75d3a447a5f686688d6878a066861edec9925bb803644b04

SHA512
02daee33cf3c362aa6bf99ef6aaddd0ea60ca54c028dad9b15da679f540198553822efaccbf96250748fa141df3f5ffc032587fd1de5edab242d5ad95ee7b205

Download Submit
memory/820-60-0x0000000000400000-0x000000000044E4A4-memory.dmp

Filesize
313KB

Download
memory/820-61-0x0000000000400000-0x000000000044E4A4-memory.dmp

Filesize
313KB

Download
memory/948-54-0x0000000000400000-0x000000000044E4A4-memory.dmp

Filesize
313KB

Download
memory/948-55-0x0000000000400000-0x000000000044E4A4-memory.dmp

Filesize
313KB

Download