96fef3c78f78f180669bdd741be26e6c0a3acb039e6a4235110fc498ad0804e4

Analysis

max time kernel
142s
max time network
148s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15-10-2023 19:47

Target

d4241664d57cbee73958005d2d30d510_exe32.exe
Size

60KB
MD5

d4241664d57cbee73958005d2d30d510
SHA1

0122431ddf292c8c8d3ec6bc7799f90aeb33f836
SHA256

96fef3c78f78f180669bdd741be26e6c0a3acb039e6a4235110fc498ad0804e4
SHA512

5cce198150b95fa68f71543837fccfaedee43b3c620fd1f32b797cb7837c88d7499cbecc4a182ad5c0622c4f8d484c957a38fbc2a93c10fd93024c4a4d2d35a3
SSDEEP

1536:Itka3G9MXSRa+ycuCRo0oxNqIxSupVvIZ:Qka29MXZxIZ

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2368	bijaweed.exe

Loads dropped DLL 1 IoCs

pid	Process
2296	d4241664d57cbee73958005d2d30d510_exe32.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	icanhazip.com

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2368	2296	d4241664d57cbee73958005d2d30d510_exe32.exe	28
PID 2296 wrote to memory of 2368	2296	d4241664d57cbee73958005d2d30d510_exe32.exe	28
PID 2296 wrote to memory of 2368	2296	d4241664d57cbee73958005d2d30d510_exe32.exe	28
PID 2296 wrote to memory of 2368	2296	d4241664d57cbee73958005d2d30d510_exe32.exe	28

C:\Users\Admin\AppData\Local\Temp\d4241664d57cbee73958005d2d30d510_exe32.exe
"C:\Users\Admin\AppData\Local\Temp\d4241664d57cbee73958005d2d30d510_exe32.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Users\Admin\AppData\Local\Temp\bijaweed.exe
  C:\Users\Admin\AppData\Local\Temp\bijaweed.exe
  2⤵
  - Executes dropped EXE
  PID:2368

C:\Users\Admin\AppData\Local\Temp\bijaweed.exe

Filesize
60KB

MD5
82d96254aa987cb34f5678b31e8f8220

SHA1
75a6fdf3d68e6d77dec3cf73c7c86ebf1d314b5a

SHA256
4f987beceb2dd955e5a4f9981bb4e4c90f78e4d1068acbfe19c3ef4f8d7f6531

SHA512
7ed1f35ee61ddb2f4aa1c386e53405ffcc9f5bb8e1bdf1150e13b2edeb5accccdb561740d44f3e3ed2187c5a838d8e58389f17d31271d4aaf0275ba06794a252

Download Submit
C:\Users\Admin\AppData\Local\Temp\bijaweed.exe

Filesize
60KB

MD5
82d96254aa987cb34f5678b31e8f8220

SHA1
75a6fdf3d68e6d77dec3cf73c7c86ebf1d314b5a

SHA256
4f987beceb2dd955e5a4f9981bb4e4c90f78e4d1068acbfe19c3ef4f8d7f6531

SHA512
7ed1f35ee61ddb2f4aa1c386e53405ffcc9f5bb8e1bdf1150e13b2edeb5accccdb561740d44f3e3ed2187c5a838d8e58389f17d31271d4aaf0275ba06794a252

Download Submit
\Users\Admin\AppData\Local\Temp\bijaweed.exe

Filesize
60KB

MD5
82d96254aa987cb34f5678b31e8f8220

SHA1
75a6fdf3d68e6d77dec3cf73c7c86ebf1d314b5a

SHA256
4f987beceb2dd955e5a4f9981bb4e4c90f78e4d1068acbfe19c3ef4f8d7f6531

SHA512
7ed1f35ee61ddb2f4aa1c386e53405ffcc9f5bb8e1bdf1150e13b2edeb5accccdb561740d44f3e3ed2187c5a838d8e58389f17d31271d4aaf0275ba06794a252

Download Submit
memory/2296-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2368-7-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download