7e0a7f098854ad2fef6a176ed36980f8bd5a3788453bb5e36a33e0c81fa4d3ab

Analysis

max time kernel
150s
max time network
98s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
17-03-2023 19:59

Target

file.exe
Size

631KB
MD5

31b3a39e63f7b806def495c2f81fc5e9
SHA1

dda076172d9fd26178ee07ddeeec595deaea8deb
SHA256

7e0a7f098854ad2fef6a176ed36980f8bd5a3788453bb5e36a33e0c81fa4d3ab
SHA512

f29fa6f1215fabb7a762ff3806c18b3bed32c724462945b7da9c14b3f71e583c664242d229e3a44887fbfdcb60f0b9314d69c0dcbcb4eab4e262ddd5b6437b69
SSDEEP

12288:6MmgFrE3wBYeaAGslYgek7yWNDj5Shr4ZyKG:6MmmrE3weeLugeXYDAh+xG

Score

1^/10

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 912	1732	file.exe	29
PID 1732 wrote to memory of 912	1732	file.exe	29
PID 1732 wrote to memory of 912	1732	file.exe	29
PID 912 wrote to memory of 1712	912	cmd.exe	30
PID 912 wrote to memory of 1712	912	cmd.exe	30
PID 912 wrote to memory of 1712	912	cmd.exe	30
PID 912 wrote to memory of 1668	912	cmd.exe	31
PID 912 wrote to memory of 1668	912	cmd.exe	31
PID 912 wrote to memory of 1668	912	cmd.exe	31
PID 912 wrote to memory of 1936	912	cmd.exe	32
PID 912 wrote to memory of 1936	912	cmd.exe	32
PID 912 wrote to memory of 1936	912	cmd.exe	32
PID 1732 wrote to memory of 992	1732	file.exe	33
PID 1732 wrote to memory of 992	1732	file.exe	33
PID 1732 wrote to memory of 992	1732	file.exe	33

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\file.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:912
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\file.exe" MD5
    3⤵
    PID:1712
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:1668
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:992