e70efc29fc21a41888681451a114a2c67b08f9dbcee5c5bd1fbd1b58ae464a75

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:35

Target

1e9e3091a6b3266327e9c05f635c9465.exe
Size

63KB
MD5

1e9e3091a6b3266327e9c05f635c9465
SHA1

d9b13a5cea4d7d3b39abb8874e433f8c349ddf03
SHA256

e70efc29fc21a41888681451a114a2c67b08f9dbcee5c5bd1fbd1b58ae464a75
SHA512

94b3f225b79088125f8eec9a66c63d94fffcf528f0ca186af97d8cfc443488ff98d5cf9a855ac4591b73db9dfb50f38cf7bf17164f04ba31ffa376c63c05a41d
SSDEEP

768:UtdkpTrPfvARwCuJ22GE3lKdwfeoOvpxq:UtSARwZNGJwWoOvfq

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1912	Stp11DC_TMP.EXE

Loads dropped DLL 2 IoCs

pid	Process
3012	1e9e3091a6b3266327e9c05f635c9465.exe
3012	1e9e3091a6b3266327e9c05f635c9465.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 1912	3012	1e9e3091a6b3266327e9c05f635c9465.exe	28
PID 3012 wrote to memory of 1912	3012	1e9e3091a6b3266327e9c05f635c9465.exe	28
PID 3012 wrote to memory of 1912	3012	1e9e3091a6b3266327e9c05f635c9465.exe	28
PID 3012 wrote to memory of 1912	3012	1e9e3091a6b3266327e9c05f635c9465.exe	28
PID 3012 wrote to memory of 1912	3012	1e9e3091a6b3266327e9c05f635c9465.exe	28
PID 3012 wrote to memory of 1912	3012	1e9e3091a6b3266327e9c05f635c9465.exe	28
PID 3012 wrote to memory of 1912	3012	1e9e3091a6b3266327e9c05f635c9465.exe	28

C:\Users\Admin\AppData\Local\Temp\1e9e3091a6b3266327e9c05f635c9465.exe
"C:\Users\Admin\AppData\Local\Temp\1e9e3091a6b3266327e9c05f635c9465.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\Stp11DC_TMP.EXE
  "C:\Users\Admin\AppData\Local\Temp\Stp11DC_TMP.EXE"
  2⤵
  - Executes dropped EXE
  PID:1912

C:\Users\Admin\AppData\Local\Temp\Stp11DC_TMP.EXE

Filesize
257KB

MD5
b7be404ea0781cd2956f32f363ae5088

SHA1
e974f14973fc4766d18252e7d6252ffc68211a8b

SHA256
54f03d9396a6e21fbf4f11389bb2e568d128404eb02c4930eb6ca77be8368a08

SHA512
b14090cdccf68d9eff5e317f1809cd9178f8a9b1ccfa8d997009a1007378101e5fb0ab4e47f71451dc00b291005cc9318ce3b07108b48d77c899725840e71749

Download Submit
\Users\Admin\AppData\Local\Temp\Stp11DC_TMP.EXE

Filesize
41KB

MD5
29ce7ce4e9ddd179979e05f0e3775336

SHA1
b6d48961d59e25d023590acdb8fc49249e718177

SHA256
60a5f726bcd466110f1d968513db3075fd91c26af5d3b9ade5052fda5bbfc5d6

SHA512
1fdc4d44509a7aa043eeffb2cec723ba3635ce4fd54f424a05066d15b4faeb1c8fef1ae1869f5068f643361091ecaa1e81bcb8691177cd396417af4dc827dff5

Download Submit
\Users\Admin\AppData\Local\Temp\Stp11DC_TMP.EXE

Filesize
769KB

MD5
b6965e527c4aace8088eedf34602d0d8

SHA1
d65f2a63d70f9bf76fe8a9ab0fd569b7b1f156e0

SHA256
0f747a59b528c191ce705361d5fa9b42503160167aa7561ba8cf09f29843889e

SHA512
41e5c0d5353aa525c8c5d6e1a3587308bf979b8fb4c9ad29df5d412d61a5a634dd0ba943722d7e7a7a7f5ca7acb657845cbc377a861d6ba66d5815dbc2470bea

Download Submit