e7c0bdc7af86261b9a7cfc1c8e799d6d10bb65249428b5baace1cebc7ab72399

Analysis

max time kernel
152s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 23:05

Target

gR0Jd24.exe
Size

553KB
MD5

e194dea7cd10363a012aa8e1a44429c4
SHA1

87565e07b41e6198db4713e45b4830d1bf353963
SHA256

e7c0bdc7af86261b9a7cfc1c8e799d6d10bb65249428b5baace1cebc7ab72399
SHA512

7609f002c0b9c6b3bbecf4f246d7d98ae5ab39561e689453e064dba8b8d0548c7b9e2e5ec306d030fd03772e8c3d97aa3990090a6f7e327372af301bbb17cf8c
SSDEEP

12288:YlaTTFd2g+dmY6hBlE5euSULi0wI7jaErd:aYTFd2gmmja5euSU2rIiErd

Score

1^/10

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2032	2476	gR0Jd24.exe	29
PID 2476 wrote to memory of 2032	2476	gR0Jd24.exe	29
PID 2476 wrote to memory of 2032	2476	gR0Jd24.exe	29
PID 2476 wrote to memory of 1824	2476	gR0Jd24.exe	30
PID 2476 wrote to memory of 1824	2476	gR0Jd24.exe	30
PID 2476 wrote to memory of 1824	2476	gR0Jd24.exe	30
PID 1824 wrote to memory of 1528	1824	cmd.exe	31
PID 1824 wrote to memory of 1528	1824	cmd.exe	31
PID 1824 wrote to memory of 1528	1824	cmd.exe	31
PID 1824 wrote to memory of 1564	1824	cmd.exe	32
PID 1824 wrote to memory of 1564	1824	cmd.exe	32
PID 1824 wrote to memory of 1564	1824	cmd.exe	32
PID 1824 wrote to memory of 1360	1824	cmd.exe	33
PID 1824 wrote to memory of 1360	1824	cmd.exe	33
PID 1824 wrote to memory of 1360	1824	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\gR0Jd24.exe
"C:\Users\Admin\AppData\Local\Temp\gR0Jd24.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c COLOR 0b
  2⤵
  PID:2032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\gR0Jd24.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1824
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\gR0Jd24.exe" MD5
    3⤵
    PID:1528
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:1564
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1360