491bcf9fa93f577f6635a71d1170fcd5c6962c6cb8ce92e3f541909978639df5

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 22:25

Target

fcb5164245b5e78d5566bde2ab2506c6.exe
Size

1.1MB
MD5

fcb5164245b5e78d5566bde2ab2506c6
SHA1

759cec277132b66a8ee069b4b388f38b8c5c3d20
SHA256

491bcf9fa93f577f6635a71d1170fcd5c6962c6cb8ce92e3f541909978639df5
SHA512

1de8f2c5b194aa6e1fc10e344fd20f946a20dd2506d57cf7a74e986e22a6286964bdd1adc9fe5a42404bd9d6879f9f8ce86f62b66acbf51c1d9f28861561a56c
SSDEEP

24576:qKeyxTAJnMHn36sQ7H/yQQuYmlswByeiGZAw1m:qKeyRAJe3LqaCY4LyeLZbm

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1096	fiddppposthqq.exe

Loads dropped DLL 1 IoCs

pid	Process
3012	fcb5164245b5e78d5566bde2ab2506c6.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\cojjsrirp\fiddppposthqq.exe	fcb5164245b5e78d5566bde2ab2506c6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 1096	3012	fcb5164245b5e78d5566bde2ab2506c6.exe	28
PID 3012 wrote to memory of 1096	3012	fcb5164245b5e78d5566bde2ab2506c6.exe	28
PID 3012 wrote to memory of 1096	3012	fcb5164245b5e78d5566bde2ab2506c6.exe	28
PID 3012 wrote to memory of 1096	3012	fcb5164245b5e78d5566bde2ab2506c6.exe	28

C:\Users\Admin\AppData\Local\Temp\fcb5164245b5e78d5566bde2ab2506c6.exe
"C:\Users\Admin\AppData\Local\Temp\fcb5164245b5e78d5566bde2ab2506c6.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files (x86)\cojjsrirp\fiddppposthqq.exe
  "C:\Program Files (x86)\cojjsrirp\fiddppposthqq.exe"
  2⤵
  - Executes dropped EXE
  PID:1096

C:\Program Files (x86)\cojjsrirp\fiddppposthqq.exe

Filesize
1.1MB

MD5
1d4cbb088731854cd13e5d2a5d996164

SHA1
94ae1c73be794ffdc7b8868b09b9bd358b3605a4

SHA256
f101c240899c3ebb2fdc9ca5ba2344271070a2d4cec97c83d17b160aaf835e2e

SHA512
1540825ad68e5adcc99367f7271e2538a795271e10de64da2709638aa96d5c167a0fbfce6ef5aa4c1472d3245fe823b00a4b0d50bda084380fc9989f45e1256a

Download Submit
memory/1096-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1096-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1096-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3012-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3012-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3012-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download