b331c09fb769c719b9d7e3bd900564b83e32eb846ac0661b1e901350b064d150

Analysis

max time kernel
224s
max time network
337s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 05:41 UTC

Target

b331c09fb769c719b9d7e3bd900564b83e32eb846ac0661b1e901350b064d150.exe
Size

381KB
MD5

62f09b17f61c30e0e0e3f8e08e4fcc01
SHA1

c418e47eae3ff854156e2baf6eee2859a98f48fa
SHA256

b331c09fb769c719b9d7e3bd900564b83e32eb846ac0661b1e901350b064d150
SHA512

f8867a9e2632e103d441b1b96736cb11d4229e605344ac14637e741d5fdac7aec68aa889c6ef338ff4d4c6576b8e8f6328debc96bf7a47a117eb5764aad1d041
SSDEEP

6144:xEdnEOr16I1RbHFbI8hhT24HzDE7GRAIgQm4+MCJlLo:WdnEOrYIDrLq4HWI3m/FHLo

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Config.ini	b331c09fb769c719b9d7e3bd900564b83e32eb846ac0661b1e901350b064d150.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 1516	560	b331c09fb769c719b9d7e3bd900564b83e32eb846ac0661b1e901350b064d150.exe	28
PID 560 wrote to memory of 1516	560	b331c09fb769c719b9d7e3bd900564b83e32eb846ac0661b1e901350b064d150.exe	28
PID 560 wrote to memory of 1516	560	b331c09fb769c719b9d7e3bd900564b83e32eb846ac0661b1e901350b064d150.exe	28
PID 560 wrote to memory of 1516	560	b331c09fb769c719b9d7e3bd900564b83e32eb846ac0661b1e901350b064d150.exe	28

C:\Windows\tempbat.bat

Filesize
916B

MD5
78eeb18ce1394b4cce065a5983418966

SHA1
f5a60d124c266e1fdc46c49cd4ea4f3e8025c237

SHA256
ab35b60b64a83a2bafb42ad64ba380ad0519bc7bb4f5cec8f67d1f8011c7b562

SHA512
5569e0b70f951b161141d6e615049333fe9cb8461272b8a4d4e6984bbf626d656844c6b8384cebfdee99b55c26402e369707ef91c4dd62ebd7eb93a63fd680de

Download Submit