9cb3cc4532074ff7ef7e75485cc799e7d479b77c246b8bfc9e1b27a503d1be97

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/06/2023, 12:03

Target

kill.exe
Size

6.6MB
MD5

3d771ef1a9cf24a324bfee422c6352d3
SHA1

ed1126e163ef2acea9f3c872876aa6a6c579f757
SHA256

9cb3cc4532074ff7ef7e75485cc799e7d479b77c246b8bfc9e1b27a503d1be97
SHA512

bcd1708866c482eb6f0f29b708ed6b962135dbb452ce7c56204e1c168f99a1595a0185cbc9c62c34400439011cab2ec35b64f54e3e1f35e2a453262506f8da68
SSDEEP

196608:tnY0JDfyGZ21X5Sp6GemDMPwuWJYPnkR:hY0JDfD0pfaMPWT

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
468	kill.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 468	1212	kill.exe	28
PID 1212 wrote to memory of 468	1212	kill.exe	28
PID 1212 wrote to memory of 468	1212	kill.exe	28

C:\Users\Admin\AppData\Local\Temp\kill.exe
"C:\Users\Admin\AppData\Local\Temp\kill.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Users\Admin\AppData\Local\Temp\kill.exe
  "C:\Users\Admin\AppData\Local\Temp\kill.exe"
  2⤵
  - Loads dropped DLL
  PID:468

C:\Users\Admin\AppData\Local\Temp\_MEI12122\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12122\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit