090d879dba019310bc6866ff848447fe7567557ca4586c64fa8b7d79adbd1b0d

Analysis

max time kernel
119s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 05:32

Target

577fad3e53e76238c2fcc8d7106cba06.exe
Size

779KB
MD5

577fad3e53e76238c2fcc8d7106cba06
SHA1

dc19d9f4f278c4f13fe6cc6ebe39bb3a3e995070
SHA256

090d879dba019310bc6866ff848447fe7567557ca4586c64fa8b7d79adbd1b0d
SHA512

edc297a1717fa2785524051ded46741ea22a20d8303bbd533c061d03d3906d9048ac07c827aa74171ae1e6a324c66c7b5435f89a5b9bb23846627195e46021cd
SSDEEP

24576:7zXKqa8SEijjC+37li4daoInr1YSfi6HfRG7T2OuGjMi0CY38:7z6qaakjC+3s4da1nHzfKDbY38

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2852	aegr.exe

Loads dropped DLL 1 IoCs

pid	Process
2708	577fad3e53e76238c2fcc8d7106cba06.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\fjmembwqd\aegr.exe	577fad3e53e76238c2fcc8d7106cba06.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2852	2708	577fad3e53e76238c2fcc8d7106cba06.exe	16
PID 2708 wrote to memory of 2852	2708	577fad3e53e76238c2fcc8d7106cba06.exe	16
PID 2708 wrote to memory of 2852	2708	577fad3e53e76238c2fcc8d7106cba06.exe	16
PID 2708 wrote to memory of 2852	2708	577fad3e53e76238c2fcc8d7106cba06.exe	16

C:\Users\Admin\AppData\Local\Temp\577fad3e53e76238c2fcc8d7106cba06.exe
"C:\Users\Admin\AppData\Local\Temp\577fad3e53e76238c2fcc8d7106cba06.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files (x86)\fjmembwqd\aegr.exe
  "C:\Program Files (x86)\fjmembwqd\aegr.exe"
  2⤵
  - Executes dropped EXE
  PID:2852

C:\Program Files (x86)\fjmembwqd\aegr.exe

Filesize
795KB

MD5
a386452873f6cb906a77f11f6876ee08

SHA1
d34054c1aaadcc8b4d057b709c252296e5313011

SHA256
bd51fe4a96ff0b35407811939fa7337dd4b0bd8902f6a15f440b49a05ed1c290

SHA512
054e18e5a7b4e2d9bde3c1b397951fad89bceb1610167102d81d11b940c06d8c74f9eb2a46fa73ff91483cf4198625a6547cefbd80caacec7a3b8e6deea4b008

Download Submit
memory/2708-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2708-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2708-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2852-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2852-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download