9caec942f83b073af1201305e72d725dfe20fda360f557d0b212153cb53659f0

Analysis

max time kernel
26s
max time network
41s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
07/12/2022, 01:52

Target

9caec942f83b073af1201305e72d725dfe20fda360f557d0b212153cb53659f0.exe
Size

9KB
MD5

e60d015c1256ae99eef3eaa42da7f3a7
SHA1

c5479b419d2a15052ef9578bb4a9decb401b6b3b
SHA256

9caec942f83b073af1201305e72d725dfe20fda360f557d0b212153cb53659f0
SHA512

100cecf5393874d3d3a3b82597ab766cc7f97b0b34d90a4b9a98ea7f573fc2e2ffcf1df44ccabc67ab59eda4989bcbf7795a47d629a5fdebd1384ccb4d001870
SSDEEP

192:70H0G6wUhyV7SM4o4feeEEZpaHfCiztFoPpZDL2:7qxjUW7TweUpGfC04phL2

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 1188	776	9caec942f83b073af1201305e72d725dfe20fda360f557d0b212153cb53659f0.exe	28
PID 776 wrote to memory of 1188	776	9caec942f83b073af1201305e72d725dfe20fda360f557d0b212153cb53659f0.exe	28
PID 776 wrote to memory of 1188	776	9caec942f83b073af1201305e72d725dfe20fda360f557d0b212153cb53659f0.exe	28
PID 776 wrote to memory of 1188	776	9caec942f83b073af1201305e72d725dfe20fda360f557d0b212153cb53659f0.exe	28
PID 1188 wrote to memory of 1116	1188	cmd.exe	30
PID 1188 wrote to memory of 1116	1188	cmd.exe	30
PID 1188 wrote to memory of 1116	1188	cmd.exe	30
PID 1188 wrote to memory of 1116	1188	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\9caec942f83b073af1201305e72d725dfe20fda360f557d0b212153cb53659f0.exe
"C:\Users\Admin\AppData\Local\Temp\9caec942f83b073af1201305e72d725dfe20fda360f557d0b212153cb53659f0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:776
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\7094067.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1188
- - C:\Windows\SysWOW64\ftp.exe
    ftp -s:net.txt
    3⤵
    PID:1116

C:\Users\Admin\AppData\Local\Temp\7094067.bat

Filesize
194B

MD5
59525a8db35634392daa9c8e25080478

SHA1
744017567db5524472a34e31a841e15c20485620

SHA256
dfe44abaa3a5e6926a6fe83b964a5044630a1c8695a7d782230d48c03161c646

SHA512
134b16a52f012e12fb08ecac4ffb14bc27720b936f1a28cab87a125b015611a4914d6df9a7f054f1a04d86126163cb9d6b357421a01b44d82a7d8cce7713070d

Download Submit
C:\Users\Admin\AppData\Local\Temp\net.txt

Filesize
59B

MD5
81e3e066eceef18f2611ccb07342f07e

SHA1
fec1ebb394c650dc27aba5e33795b189dfce198b

SHA256
783c474c29f98b1b7bd87c3096204955065bc3065bb58fb538cc9bbc8a81bec0

SHA512
b489c374cfd238fe7e121f17825b0b26010de83e30d95f51e0e1010352c676b29ec597518cfac1c873cdb4d393811dd01c6acd047ddab461041da235c35f5aa8

Download Submit