c6ef3de7a8bd6e03da288997dae43e9c7e41c307f63c0746d1fdd86ae22645d9

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 23:23

Target

19361b591212b1ab595c192b61795ad4.exe
Size

2.6MB
MD5

19361b591212b1ab595c192b61795ad4
SHA1

08e39015b5f83cccac431320cafb91c56f2aeec8
SHA256

c6ef3de7a8bd6e03da288997dae43e9c7e41c307f63c0746d1fdd86ae22645d9
SHA512

6212ebd8a212d79fd0eac64e5b286cc396e1d41e696fb097c6f0f67c22dba5473f118f916fc78911b4dad3031f6b96a14b0752322e39b85d706d3cca09b47a1e
SSDEEP

24576:t3kCWv2Z5MMHvQLafrlCh9ffVs2FUdUEdiNUuDjucKyj79homuSw1lWP6eJCGjtN:t3H5MMPQ2cffrFU6Edi+uP0y/TwbcznR

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2412	cmd.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2412	2448	19361b591212b1ab595c192b61795ad4.exe	28
PID 2448 wrote to memory of 2412	2448	19361b591212b1ab595c192b61795ad4.exe	28
PID 2448 wrote to memory of 2412	2448	19361b591212b1ab595c192b61795ad4.exe	28
PID 2448 wrote to memory of 2412	2448	19361b591212b1ab595c192b61795ad4.exe	28

C:\Users\Admin\AppData\Local\Temp\19361b591212b1ab595c192b61795ad4.exe
"C:\Users\Admin\AppData\Local\Temp\19361b591212b1ab595c192b61795ad4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\qelizresa1.bat
  2⤵
  - Deletes itself
  PID:2412

C:\Users\Admin\AppData\Local\Temp\qelizresa1.bat

Filesize
211B

MD5
12cbc1a707fa33026a1010ac3d7e6f92

SHA1
2de0532001a904049bc5d08b059039aab4a56eee

SHA256
9c3118710ec23a453586006517477c6597fb3fb9902745277347a70ccc7b40e9

SHA512
2ab8f21239f623aa91051a9b386171fb4d1588a46da6547b46b08e4557499444d19276da8915729aa79eef9c17f8f056af4b5deae9636044fe76512f93eda810

Download Submit
memory/2448-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download