b9c36da42919719dcadd5252cb675cad35f0f63566b24a7a95fc0f5dfddb5497

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22-10-2023 07:14

Target

KH098765680000000.exe
Size

356KB
MD5

c3fd40f62d9b66dc9907f57cb51dfc02
SHA1

4c315086caa77760f3a5439fd06b33d31dd5ee9f
SHA256

b9c36da42919719dcadd5252cb675cad35f0f63566b24a7a95fc0f5dfddb5497
SHA512

866cb2a6489ec04c3e649ff8e8a6af777cd4435eec624080d8aaca529d00362cf094c7727d48f5b003d3a5ef4f1160de09059782be6d40e33c6d3923dffb413f
SSDEEP

6144:L0ntBIKD2SJMzsdRytZNYvzMsKTBhoR/wHD3IRopPMM2QAxWaqJJzdk6ceh9X3PL:stfD2S+FeZesOR27hCfk6ceXs650

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

KH098765680000000.exe

description	pid	process	target process
PID 2012 wrote to memory of 2852	2012	KH098765680000000.exe	InstallUtil.exe
PID 2012 wrote to memory of 2852	2012	KH098765680000000.exe	InstallUtil.exe
PID 2012 wrote to memory of 2852	2012	KH098765680000000.exe	InstallUtil.exe
PID 2012 wrote to memory of 2852	2012	KH098765680000000.exe	InstallUtil.exe
PID 2012 wrote to memory of 2852	2012	KH098765680000000.exe	InstallUtil.exe
PID 2012 wrote to memory of 2852	2012	KH098765680000000.exe	InstallUtil.exe
PID 2012 wrote to memory of 2852	2012	KH098765680000000.exe	InstallUtil.exe

C:\Users\Admin\AppData\Local\Temp\KH098765680000000.exe
"C:\Users\Admin\AppData\Local\Temp\KH098765680000000.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
2⤵
PID:2852

memory/2012-0-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download
memory/2012-1-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/2012-2-0x0000000000240000-0x0000000000294000-memory.dmp

Filesize
336KB

Download
memory/2012-3-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2012-4-0x00000000002F0000-0x00000000002FA000-memory.dmp

Filesize
40KB

Download
memory/2012-5-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download