b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18

Analysis

max time kernel
7s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 06:18

Target

b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18.exe
Size

627KB
MD5

17d012578db98ab3b568a5d077b9a630
SHA1

89bb4a09b9f4b218ebb3b5c4d8b2a83f012fcb6a
SHA256

b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18
SHA512

0434e7cf45469490488d7c7894400e95db5b534363a2414a591931981d9d46129741f15df83588fa4510ea121f1c8a47b24f8b58792082b2425d4b73b1e680b8
SSDEEP

12288:h6Qyv5+vt/2z9olD6669/M+l6nRSciC1qfyI2stDzZ6JvEl+UgKsXBeGdnbH:hO5+v4olDK9/M/PhqV2+Z6JvJVKYeGdr

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1728	~DFA6C.tmp

Loads dropped DLL 1 IoCs

pid	Process
1980	b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1728	1980	b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18.exe	28
PID 1980 wrote to memory of 1728	1980	b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18.exe	28
PID 1980 wrote to memory of 1728	1980	b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18.exe	28
PID 1980 wrote to memory of 1728	1980	b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18.exe	28

C:\Users\Admin\AppData\Local\Temp\b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18.exe
"C:\Users\Admin\AppData\Local\Temp\b6a077b5b24d5c2e52e6e3532ea0dc6d0e924b0e3c4145c6a70411f385ee5f18.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Users\Admin\AppData\Local\Temp\~DFA6C.tmp
  C:\Users\Admin\AppData\Local\Temp\~DFA6C.tmp OK
  2⤵
  - Executes dropped EXE
  PID:1728

C:\Users\Admin\AppData\Local\Temp\~DFA6C.tmp

Filesize
634KB

MD5
20dbaf4cf2327935e4ce40cbb861aa70

SHA1
eab93fc86637ed6998edcbdd543e83b4a8a63206

SHA256
c675048e625f17387d5cc427e2fd537dbd2293d370216e4e342b0c020308ba52

SHA512
6e619ddbaf16bc9e5e47633168b94e9b6a24af6cfe6b7706985765ef0e4f2ab03ef4b33ca22a579b9c4d440de8ba31d6f4cdf3aa664f1dd851e4c471c8009ff5

Download Submit
\Users\Admin\AppData\Local\Temp\~DFA6C.tmp

Filesize
634KB

MD5
20dbaf4cf2327935e4ce40cbb861aa70

SHA1
eab93fc86637ed6998edcbdd543e83b4a8a63206

SHA256
c675048e625f17387d5cc427e2fd537dbd2293d370216e4e342b0c020308ba52

SHA512
6e619ddbaf16bc9e5e47633168b94e9b6a24af6cfe6b7706985765ef0e4f2ab03ef4b33ca22a579b9c4d440de8ba31d6f4cdf3aa664f1dd851e4c471c8009ff5

Download Submit
memory/1728-61-0x0000000000050000-0x000000000010F000-memory.dmp

Filesize
764KB

Download
memory/1728-63-0x0000000000050000-0x000000000010F000-memory.dmp

Filesize
764KB

Download
memory/1980-54-0x0000000075521000-0x0000000075523000-memory.dmp

Filesize
8KB

Download
memory/1980-59-0x00000000009C0000-0x0000000000A7F000-memory.dmp

Filesize
764KB

Download
memory/1980-60-0x0000000002AC0000-0x0000000002B7F000-memory.dmp

Filesize
764KB

Download
memory/1980-62-0x00000000009C0000-0x0000000000A7F000-memory.dmp

Filesize
764KB

Download