9ffc9032a1b4f78a2f6f5436b0b23250a3fc8474ce4c14f6ec3622e476467481

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 23:46

Target

076fa6228ce85eab763a4955b02523d1.exe
Size

568KB
MD5

076fa6228ce85eab763a4955b02523d1
SHA1

466d18538ba6d6fbd49c5824b79e3f8ab6322722
SHA256

9ffc9032a1b4f78a2f6f5436b0b23250a3fc8474ce4c14f6ec3622e476467481
SHA512

ede94375af9ff0e038a07e8ac404fe7dd50fd02e1b7fc5121f3f45452e65198c07be2e912d5125c594088ca61dd5d81c081a9a75e8b995a8b33f1fee80c1c0a8
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhRx9DJ6c6zpk45a9VJSRRJ:qKeyxTAJj7P+yjPJMk2GJyJ

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2732	tkcfeckzj.exe

Loads dropped DLL 1 IoCs

pid	Process
2536	076fa6228ce85eab763a4955b02523d1.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\oyrs\tkcfeckzj.exe	076fa6228ce85eab763a4955b02523d1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2732	2536	076fa6228ce85eab763a4955b02523d1.exe	16
PID 2536 wrote to memory of 2732	2536	076fa6228ce85eab763a4955b02523d1.exe	16
PID 2536 wrote to memory of 2732	2536	076fa6228ce85eab763a4955b02523d1.exe	16
PID 2536 wrote to memory of 2732	2536	076fa6228ce85eab763a4955b02523d1.exe	16

C:\Users\Admin\AppData\Local\Temp\076fa6228ce85eab763a4955b02523d1.exe
"C:\Users\Admin\AppData\Local\Temp\076fa6228ce85eab763a4955b02523d1.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\oyrs\tkcfeckzj.exe
  "C:\Program Files (x86)\oyrs\tkcfeckzj.exe"
  2⤵
  - Executes dropped EXE
  PID:2732

\Program Files (x86)\oyrs\tkcfeckzj.exe

Filesize
590KB

MD5
80f8744dba866dec49eb25aaffe24166

SHA1
a8d811bf42f636ced958805567134e53b7426ba7

SHA256
99b32b6fdfc7447b182157f50f97199bbac071bd8aefbf44c2ecc07ad44458e9

SHA512
9bd05273d5a32e0937d338054d3a4cdbe1000cbc1c0275bb0e64fa03dac00c276f657564edbf1edb23a1e72955d77cde71155bae42c2a25d8b7d57f2de46ebb3

Download Submit
memory/2536-7-0x0000000001CF0000-0x0000000001D84000-memory.dmp

Filesize
592KB

Download
memory/2536-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2536-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2536-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2732-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2732-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download