c61d23e3bdfd9f6d05583e25c98a24f3313e93d77b47d09f06aa2166752e3c3a

Analysis

max time kernel
142s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 09:19

Target

14303216a7dedb014985b13c58308e73.exe
Size

21KB
MD5

14303216a7dedb014985b13c58308e73
SHA1

e1553ed898d1e0aa170573b0d3dda1c181b1928c
SHA256

c61d23e3bdfd9f6d05583e25c98a24f3313e93d77b47d09f06aa2166752e3c3a
SHA512

bd16d8242f3d71c7749060fc134563be7b9e27ab08dce100aa0f3073ed4f28f21c0112c9223e5e3ed3c66338771c861feb05c52c7376581c6e1398fd14a2ec54
SSDEEP

384:nshUHuAdwb492W08W8OY2CWNZ597y68iYf1HRjkzgQJd1Axzr6+S9Pfu7n5c:nmUHuzz8W8ByZj7y68vVRjkzgQKxKdeG

Score

7^/10

aspackv2

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
behavioral1/files/0x000a000000012247-6.dat	aspack_v212_v242

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.exe	smss.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.exe	smss.exe

Executes dropped EXE 1 IoCs

pid	Process
3012	smss.exe

Loads dropped DLL 2 IoCs

pid	Process
2172	14303216a7dedb014985b13c58308e73.exe
2172	14303216a7dedb014985b13c58308e73.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\smss.exe	14303216a7dedb014985b13c58308e73.exe
File opened for modification	C:\Program Files\Common Files\System\smss.exe	14303216a7dedb014985b13c58308e73.exe
File created	C:\Program Files\Common Files\System\start.bat	smss.exe

Runs regedit.exe 1 IoCs

pid	Process
3052	REGEDIT.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 3012	2172	14303216a7dedb014985b13c58308e73.exe	28
PID 2172 wrote to memory of 3012	2172	14303216a7dedb014985b13c58308e73.exe	28
PID 2172 wrote to memory of 3012	2172	14303216a7dedb014985b13c58308e73.exe	28
PID 2172 wrote to memory of 3012	2172	14303216a7dedb014985b13c58308e73.exe	28
PID 3012 wrote to memory of 3052	3012	smss.exe	29
PID 3012 wrote to memory of 3052	3012	smss.exe	29
PID 3012 wrote to memory of 3052	3012	smss.exe	29
PID 3012 wrote to memory of 3052	3012	smss.exe	29

C:\Program Files\Common Files\System\smss.exe

Filesize
21KB

MD5
14303216a7dedb014985b13c58308e73

SHA1
e1553ed898d1e0aa170573b0d3dda1c181b1928c

SHA256
c61d23e3bdfd9f6d05583e25c98a24f3313e93d77b47d09f06aa2166752e3c3a

SHA512
bd16d8242f3d71c7749060fc134563be7b9e27ab08dce100aa0f3073ed4f28f21c0112c9223e5e3ed3c66338771c861feb05c52c7376581c6e1398fd14a2ec54

Download Submit
C:\Program Files\Common Files\System\start.bat

Filesize
291B

MD5
239692327ed96d1d23daf92e034275d0

SHA1
72368106cfe3dbfa6c7c09068df12b4840a8de23

SHA256
b70c591470a52b92ded3a5fef8bc6cc2d0169573bb2aa53956024811c4116c3c

SHA512
acd5fdc14f16ee7a3f025c742f1077ac1f3459fade751790a64f7bea995195c82be48334cd27ebae5e00a79d1d6a3dbdf468dfc95eba2149b4dbc317df558067

Download Submit
memory/2172-8-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3012-14-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3012-20-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3012-26-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3012-27-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download