c0c9e2acb985a0115c7cc956dc4566e628ada43c257355623d0533ba398d0a19

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 06:30

Target

75fbd9ac1fc1fb395c4f26e845803fbd.exe
Size

787KB
MD5

75fbd9ac1fc1fb395c4f26e845803fbd
SHA1

5f7e04cf10d4eae95b041cde85a0c268502b8436
SHA256

c0c9e2acb985a0115c7cc956dc4566e628ada43c257355623d0533ba398d0a19
SHA512

7235a66f987b70948f48921a4ab0f33545fd53cb84e4c8361eb2922be7993db142c6a605a57d23170e628745a87e5548e6158ea0dd40495a25db650d1d977199
SSDEEP

24576:qKeyxTAJj7P+yW6mc1YN1ChWrKFhTkDvIj6k7DS:qKeyRA0y9fWN1ChWePDj6k/S

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2120	mplftp.exe

Loads dropped DLL 1 IoCs

pid	Process
1696	75fbd9ac1fc1fb395c4f26e845803fbd.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\gcypvjau\mplftp.exe	75fbd9ac1fc1fb395c4f26e845803fbd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2120	1696	75fbd9ac1fc1fb395c4f26e845803fbd.exe	28
PID 1696 wrote to memory of 2120	1696	75fbd9ac1fc1fb395c4f26e845803fbd.exe	28
PID 1696 wrote to memory of 2120	1696	75fbd9ac1fc1fb395c4f26e845803fbd.exe	28
PID 1696 wrote to memory of 2120	1696	75fbd9ac1fc1fb395c4f26e845803fbd.exe	28

C:\Users\Admin\AppData\Local\Temp\75fbd9ac1fc1fb395c4f26e845803fbd.exe
"C:\Users\Admin\AppData\Local\Temp\75fbd9ac1fc1fb395c4f26e845803fbd.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files (x86)\gcypvjau\mplftp.exe
  "C:\Program Files (x86)\gcypvjau\mplftp.exe"
  2⤵
  - Executes dropped EXE
  PID:2120

C:\Program Files (x86)\gcypvjau\mplftp.exe

Filesize
453KB

MD5
4814f5cd6b0c2b071d7adf051caff772

SHA1
6cced8807ffc4e0ae2d1012c26b4244090c7b205

SHA256
68c736a7b7dab2e70ce7df4a482093e7b992773e906c9c54ac2c0383ef53554b

SHA512
b6a3c5c90bb69a2d5391e0640f87e3181390b4d36eab2e8c5db8cb05414d324b4b0764fedbd984c734f3358543b0181ce981a805756396b4808f184bce7cec3a

Download Submit
\Program Files (x86)\gcypvjau\mplftp.exe

Filesize
763KB

MD5
b51457cd83394e639ced48aa76fb9ab0

SHA1
cb27a2b860be9d466c4ea8491b1ab450208b3696

SHA256
0e0a2b5794893afa8278b5016984f865547512c065f5f0986218d0964850fe42

SHA512
8c3dc9a55ebe2a8b35baa95815fc7a7e4c248e85ed823c0e2a668441e6e11f63fc6d07353d6e81070f8993d182424004cd5ea604abbc05f552ca627eeabaeca3

Download Submit
memory/1696-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1696-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1696-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2120-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2120-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2120-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download