ad03fdc3e988b1ea54fcefa9a31be7b97558a4bbc05ea68f3f3387b9757add05

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 07:58

Target

5dfbbeaf5327b3bfb2ed37aaf464ddf6.exe
Size

865KB
MD5

5dfbbeaf5327b3bfb2ed37aaf464ddf6
SHA1

520b9d5148c87bfc7ac5ad2dacf79656d84f6dfd
SHA256

ad03fdc3e988b1ea54fcefa9a31be7b97558a4bbc05ea68f3f3387b9757add05
SHA512

f3136b28722211e5cbcd31d77b37456f5ba26b6ae456d706957bb1c3dc25672a993c26a976e7d33d8cf90c0bbae9032c903a490637e98cb86b3e965eda7d5749
SSDEEP

12288:MLry/neyx7f/A64j7PYV3H/BxJsQYrFy698hi2hT4wgfP3xeb07snchWh4:qKeyxTAJj7PYJvYN9+i2Z4wWht7sncw4

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2552	bbyrao.exe

Loads dropped DLL 1 IoCs

pid	Process
2532	5dfbbeaf5327b3bfb2ed37aaf464ddf6.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\vsmgoamr\bbyrao.exe	5dfbbeaf5327b3bfb2ed37aaf464ddf6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2552	2532	5dfbbeaf5327b3bfb2ed37aaf464ddf6.exe	28
PID 2532 wrote to memory of 2552	2532	5dfbbeaf5327b3bfb2ed37aaf464ddf6.exe	28
PID 2532 wrote to memory of 2552	2532	5dfbbeaf5327b3bfb2ed37aaf464ddf6.exe	28
PID 2532 wrote to memory of 2552	2532	5dfbbeaf5327b3bfb2ed37aaf464ddf6.exe	28

C:\Users\Admin\AppData\Local\Temp\5dfbbeaf5327b3bfb2ed37aaf464ddf6.exe
"C:\Users\Admin\AppData\Local\Temp\5dfbbeaf5327b3bfb2ed37aaf464ddf6.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Program Files (x86)\vsmgoamr\bbyrao.exe
  "C:\Program Files (x86)\vsmgoamr\bbyrao.exe"
  2⤵
  - Executes dropped EXE
  PID:2552

C:\Program Files (x86)\vsmgoamr\bbyrao.exe

Filesize
63KB

MD5
c21661d367bdc0b2f885848b7630f0e0

SHA1
8aba7cfa50b8356f5fd6f38f0e4c3a1b36efbfa2

SHA256
1c1a0e3d2838b34bc18b9cf0ff1c452c1a4756d85a6b25021772fc41f50cbc57

SHA512
f24120d0ea2ad662ccfb513a5afb13dbac4210fc80ceb6c2d1a0a98fa00f334554a90be1d58b4c4612191ae2be79b0ed2ec6ec9708f166c6ca852779d9ca011d

Download Submit
\Program Files (x86)\vsmgoamr\bbyrao.exe

Filesize
136KB

MD5
f5753c8478ad139301b8d59e1fc03dfc

SHA1
22145a2f8eb765fc06d9e89e3d916f513909c3b4

SHA256
42e81ddb3bbb7c1914fbd0cf8cdb15dc810d361bc2e5584bc1c190497c5cef86

SHA512
422cd308be4e85c92f67b5862045a073e5fe6cea09662845ab8e3f162b9144070f595befac52928cfc4b8af46b7da48a5cb457b211fd1d3fdcc6e84dc23d2b2e

Download Submit
memory/2532-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2532-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2532-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2532-6-0x0000000000330000-0x00000000003C4000-memory.dmp

Filesize
592KB

Download
memory/2552-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2552-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download