b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11

Analysis

max time kernel
36s
max time network
57s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 17:38

Target

b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe
Size

2.4MB
MD5

9a2025585f72ef2bb0b675873cdf451a
SHA1

dbfac0440f0ab660f11a09c583e27ce389c498c6
SHA256

b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11
SHA512

a0eefd33efdc34af579da6a54f89eac80dc4090e04b6399c3f68c9a9ff82fe4b9c702e2e28b2e9d7b9a2c2fb9e4c12d06e2efcf35c3e80693f828c725a4391d4
SSDEEP

24576:jLl/mO5dTfKWL6HXYl+zfqe5pWJHtbe+jEk1Se+vuE6XtKITeS6tJa1J/QjPc2S2:jLlOaMvEHtbe+jf1SuJzlUj

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1864	cmd.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1788	b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe
1788	b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe
1788	b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 1864	1788	b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe	30
PID 1788 wrote to memory of 1864	1788	b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe	30
PID 1788 wrote to memory of 1864	1788	b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe	30
PID 1788 wrote to memory of 1864	1788	b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe	30

C:\Users\Admin\AppData\Local\Temp\b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe
"C:\Users\Admin\AppData\Local\Temp\b300ad2df777ff4fceac05f134b462416889b32087a2bcc3dd5de3960b4e5e11.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\reyh30603.bat
  2⤵
  - Deletes itself
  PID:1864

C:\Users\Admin\AppData\Local\Temp\reyh30603.bat

Filesize
183B

MD5
8bdfc07149656b378e70efc4aed671b3

SHA1
14f7c33b708f031887925d3cb98734df34a589a4

SHA256
654f2a62da62dab1ded59dd3d9ad1829ae7d91fe1d3c68e6a5a9cd7dd097158b

SHA512
c2a1f3050e23a6b4cea0c28d1b891cf243cc05db0d708ed64368d44b32830050c1b19512d1d1ab725843e4516da8ad60b644e4caf7d184e2d475fe415cc021ca

Download Submit
memory/1788-54-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download