48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98

Analysis

max time kernel
154s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 14:47

Target

48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe
Size

96KB
MD5

7506d16a3c42e7c84aa436684a782c5a
SHA1

260342f671d0356adae7bf23f50742f2db4f0011
SHA256

48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98
SHA512

cd10c5cb921cfbf35766b66bad5d45761ec2f2988f1b0575c3e46961c1cd05067a72d43ea1bd66b06df8a6859e610589d0881893d86b8e949664073b6ad11216
SSDEEP

1536:muFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prd/UY+Ip9mPO:mUS4jHS8q/3nTzePCwNUh4E9dAIp9mPO

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1532	fjyyigryuy

Loads dropped DLL 2 IoCs

pid	Process
1696	48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe
1696	48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 1532	1696	48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe	27
PID 1696 wrote to memory of 1532	1696	48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe	27
PID 1696 wrote to memory of 1532	1696	48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe	27
PID 1696 wrote to memory of 1532	1696	48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe	27

C:\Users\Admin\AppData\Local\Temp\48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe
"C:\Users\Admin\AppData\Local\Temp\48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1696
- \??\c:\users\admin\appdata\local\fjyyigryuy
  "C:\Users\Admin\AppData\Local\Temp\48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe" a -sc:\users\admin\appdata\local\temp\48fa8e7b528933da2e74f34bef8f659f2bcc64a4e1445601b551517c5d065a98.exe
  2⤵
  - Executes dropped EXE
  PID:1532

C:\Users\Admin\AppData\Local\fjyyigryuy

Filesize
23.4MB

MD5
1c5fb28bd0f9ce762f4257b534dacad0

SHA1
de6cf7ebcf187964bd3b87d75f1a94ba9728ac6e

SHA256
e62d7a366a48dab4e84a4001573c330c50169bfa4b0848c1df884accab0feca7

SHA512
ac3881d33cb17ebf569658ae26c4c852d4c60de46274bcf433f38eb921dac1917f23c892620a5fb5b75cadb975ee53f477042d56dc5857f716914fec9487dd66

Download Submit
\Users\Admin\AppData\Local\fjyyigryuy

Filesize
23.4MB

MD5
1c5fb28bd0f9ce762f4257b534dacad0

SHA1
de6cf7ebcf187964bd3b87d75f1a94ba9728ac6e

SHA256
e62d7a366a48dab4e84a4001573c330c50169bfa4b0848c1df884accab0feca7

SHA512
ac3881d33cb17ebf569658ae26c4c852d4c60de46274bcf433f38eb921dac1917f23c892620a5fb5b75cadb975ee53f477042d56dc5857f716914fec9487dd66

Download Submit
\Users\Admin\AppData\Local\fjyyigryuy

Filesize
23.4MB

MD5
1c5fb28bd0f9ce762f4257b534dacad0

SHA1
de6cf7ebcf187964bd3b87d75f1a94ba9728ac6e

SHA256
e62d7a366a48dab4e84a4001573c330c50169bfa4b0848c1df884accab0feca7

SHA512
ac3881d33cb17ebf569658ae26c4c852d4c60de46274bcf433f38eb921dac1917f23c892620a5fb5b75cadb975ee53f477042d56dc5857f716914fec9487dd66

Download Submit
memory/1532-60-0x0000000000400000-0x000000000044E2C0-memory.dmp

Filesize
312KB

Download
memory/1532-61-0x0000000000400000-0x000000000044E2C0-memory.dmp

Filesize
312KB

Download
memory/1696-54-0x0000000000400000-0x000000000044E2C0-memory.dmp

Filesize
312KB

Download
memory/1696-55-0x0000000000400000-0x000000000044E2C0-memory.dmp

Filesize
312KB

Download