8734f3c8ce12a353ae36fff147c6904d51cb4c21bb1ef430995ba3ae46262660

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 04:11

Target

6143eb7a0403e059855c461b207b4f49.exe
Size

444KB
MD5

6143eb7a0403e059855c461b207b4f49
SHA1

a0b1fecfcac66c8424c89b39f8b6bcc41642e3bb
SHA256

8734f3c8ce12a353ae36fff147c6904d51cb4c21bb1ef430995ba3ae46262660
SHA512

990dc56a9ad07259da0a9347a090530e662d23df5e01723ee311d6d3a01aefca8a90af873d1dea5b560014bfa34004f60e73f07e3ed92003f6c93051ae7556b9
SSDEEP

6144:MTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh36rSLL64j7W4+yQrOx5Yszv8a+rHICRp:MLry/neyx7f/A64j7P+tixhT8a+rHICH

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2868	vibgxpan.exe

Loads dropped DLL 1 IoCs

pid	Process
2008	6143eb7a0403e059855c461b207b4f49.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\xgznl\vibgxpan.exe	6143eb7a0403e059855c461b207b4f49.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2868	2008	6143eb7a0403e059855c461b207b4f49.exe	28
PID 2008 wrote to memory of 2868	2008	6143eb7a0403e059855c461b207b4f49.exe	28
PID 2008 wrote to memory of 2868	2008	6143eb7a0403e059855c461b207b4f49.exe	28
PID 2008 wrote to memory of 2868	2008	6143eb7a0403e059855c461b207b4f49.exe	28

C:\Users\Admin\AppData\Local\Temp\6143eb7a0403e059855c461b207b4f49.exe
"C:\Users\Admin\AppData\Local\Temp\6143eb7a0403e059855c461b207b4f49.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\xgznl\vibgxpan.exe
  "C:\Program Files (x86)\xgznl\vibgxpan.exe"
  2⤵
  - Executes dropped EXE
  PID:2868

\Program Files (x86)\xgznl\vibgxpan.exe

Filesize
469KB

MD5
f7085595a1e5d05d6b240999dc182e2f

SHA1
691961eeaff4b4b8c62af6aa13e9c46bb4c7049c

SHA256
a8c5215a43902033e93daf4bbd819a2af2c3888c5f291cb320afdce395a50cfa

SHA512
eca16ab96a2b9fe531059c7d49dc87eeea014a64a1fefd110b2a5fd8bcabc986b4903e2bc17a698eee0ab39d0a5de830a3e1753381e35074fd8d88797c0f822b

Download Submit
memory/2008-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2008-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2008-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2008-6-0x0000000001DB0000-0x0000000001E44000-memory.dmp

Filesize
592KB

Download
memory/2868-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2868-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download