caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038

Analysis

max time kernel
183s
max time network
210s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 21:37

Target

caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe
Size

8KB
MD5

991eae647945338f07b8c14616b6162f
SHA1

b495d4e26ddd185e12f0a53f74f61e1d659f2204
SHA256

caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038
SHA512

c7cf94eb4e835db66f5f940f83769032f29c86a5cf40d8a1d3f9dc1c28267cbcf8212397924bd7dbc8008c306fce334f084363e83af64bae55cc6850069a9778
SSDEEP

192:OeTe+Qq3wPmK3Fb+DvBrpzc6bW412Wf/5CW/:xS3xPgRbW412Wf/5CW/

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
904	caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe
904	caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe
904	caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe
904	caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 964	904	caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe	27
PID 904 wrote to memory of 964	904	caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe	27
PID 904 wrote to memory of 964	904	caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe	27
PID 904 wrote to memory of 964	904	caf71717b385322b40fd3a7c2625c4f36df969f3bc5a41c814a7b41145ba2038.exe	27

memory/904-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download