7a2f79d9de85d5e6c9baf198f79a3bc2d403a58d4d7a25ec8e5a413bbcc8e25f

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 01:12

Target

AtlasInjectorV2.exe
Size

128KB
MD5

dad2a15c903773ee04f754f72fb7fdb8
SHA1

d4d96fab13c04a78ba07fde801ab06d5b87348c9
SHA256

7a2f79d9de85d5e6c9baf198f79a3bc2d403a58d4d7a25ec8e5a413bbcc8e25f
SHA512

ba721edfa4790b74a3cec6f8c90a98dc12c6479480ca856bf5d188f6962c408c7bfc10f6adf5768a57c65445ec9570f14b75bd680031f8678c1607ac60c9623a
SSDEEP

768:aU2ohfjwgMA67cMA3aF1PHss9IvupZNeLz4fvDzLdSatsdwhQpK/Psza:t2ohfjk6MAKnssukBfvD9ptsy8K/POa

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2348	AtlasInjectorV2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2280	2348	AtlasInjectorV2.exe	29
PID 2348 wrote to memory of 2280	2348	AtlasInjectorV2.exe	29
PID 2348 wrote to memory of 2280	2348	AtlasInjectorV2.exe	29
PID 2348 wrote to memory of 2280	2348	AtlasInjectorV2.exe	29

C:\Users\Admin\AppData\Local\Temp\AtlasInjectorV2.exe
"C:\Users\Admin\AppData\Local\Temp\AtlasInjectorV2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:2280