f6e07d17b6b1296b4a8b6ba9d2223d503410ec171a42cbd9fceeca8c3cafdf9d

Resubmissions

13-01-2023 18:10

13-01-2023 18:08

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-es
resource tags

arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
submitted
13-01-2023 18:08

Target

bf34c8ed9467299cb2c7d711e63ab460e4039d5355ef76eb1d5c73b51b0ef637.exe
Size

701KB
MD5

f71244052aef4d54a49a279c153cc418
SHA1

4bf7164e83401df6e4f1e199cda3a1c1c9a5e2d7
SHA256

bf34c8ed9467299cb2c7d711e63ab460e4039d5355ef76eb1d5c73b51b0ef637
SHA512

c047fece18607be30ebd9f7f950f32c341345e9a211dbf75f0319b8b88b37f897deb740f8bbee6eb38812ed8fae8c550da9f69826fecfa15beea25b83e7b5dd1
SSDEEP

12288:rvH8wK/KbewiS+vUyWwbZjijOsjOEbK0fKq481NGg:7hKuj+8ydjNsaERfKq7r

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

bf34c8ed9467299cb2c7d711e63ab460e4039d5355ef76eb1d5c73b51b0ef637.exe

pid process

1072 bf34c8ed9467299cb2c7d711e63ab460e4039d5355ef76eb1d5c73b51b0ef637.exe

pid	process
1072	bf34c8ed9467299cb2c7d711e63ab460e4039d5355ef76eb1d5c73b51b0ef637.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

wmplayer.exe

description	pid	process	target process
PID 1960 wrote to memory of 1192	1960	wmplayer.exe	setup_wm.exe
PID 1960 wrote to memory of 1192	1960	wmplayer.exe	setup_wm.exe
PID 1960 wrote to memory of 1192	1960	wmplayer.exe	setup_wm.exe
PID 1960 wrote to memory of 1192	1960	wmplayer.exe	setup_wm.exe
PID 1960 wrote to memory of 1192	1960	wmplayer.exe	setup_wm.exe
PID 1960 wrote to memory of 1192	1960	wmplayer.exe	setup_wm.exe
PID 1960 wrote to memory of 1192	1960	wmplayer.exe	setup_wm.exe

C:\Users\Admin\AppData\Local\Temp\bf34c8ed9467299cb2c7d711e63ab460e4039d5355ef76eb1d5c73b51b0ef637.exe
"C:\Users\Admin\AppData\Local\Temp\bf34c8ed9467299cb2c7d711e63ab460e4039d5355ef76eb1d5c73b51b0ef637.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1072

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1960

C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
2⤵
PID:1192

memory/1072-54-0x0000000076601000-0x0000000076603000-memory.dmp

Filesize
8KB

Download
memory/1192-56-0x0000000000000000-mapping.dmp

Download