7eca12ff4f09c869d43768403b6f55326b2f7a75bdf1edf705a23832f1a9688a

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:51

Target

13c5f9f2fdefcbb324bddd3517e2c09a.exe
Size

1.5MB
MD5

13c5f9f2fdefcbb324bddd3517e2c09a
SHA1

25095fe859344aa4eb6649f75f292e27d1db27c3
SHA256

7eca12ff4f09c869d43768403b6f55326b2f7a75bdf1edf705a23832f1a9688a
SHA512

e18b2e37013a05c8ca2da415058b745d3e70e25c9bae4fdce009699e56ca7c62f6a027d37debe6555fa9bb9bc5c646756d98dcfbd9f108a312c6fcb3838ab239
SSDEEP

24576:JkK8OsTTpEtcsSJv8At+7a7hHDBeS2ZHZQfHfPH9UlPZ3O:+loSJHxhj4ShHQZ3O

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2192	cmd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2192	2208	13c5f9f2fdefcbb324bddd3517e2c09a.exe	28
PID 2208 wrote to memory of 2192	2208	13c5f9f2fdefcbb324bddd3517e2c09a.exe	28
PID 2208 wrote to memory of 2192	2208	13c5f9f2fdefcbb324bddd3517e2c09a.exe	28
PID 2208 wrote to memory of 2192	2208	13c5f9f2fdefcbb324bddd3517e2c09a.exe	28

C:\Users\Admin\AppData\Local\Temp\13c5f9f2fdefcbb324bddd3517e2c09a.exe
"C:\Users\Admin\AppData\Local\Temp\13c5f9f2fdefcbb324bddd3517e2c09a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\$2s3d.bat
  2⤵
  - Deletes itself
  PID:2192

C:\Users\Admin\AppData\Local\Temp\$2s3d.bat

Filesize
227B

MD5
be392bdb2909c648a352e2bc0e43ebb6

SHA1
960f4a73b71bd7ca35f5c3abf1ebb92d211a6145

SHA256
7bb6bb18e1c3fd1c0b6ae5bfb0ef743bd2c1f910a858a1cc0d38e596eeb2405d

SHA512
a932fb8269a3dd0dd3189541267d2f476d866e81ca687aac7f43dd90a532c78f68036d2ae5d93fee93d96be090f6f7fd3bd4a18d30be81eafed6ad3b3594ff3e

Download Submit
memory/2208-0-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2208-8-0x0000000000400000-0x000000000058D000-memory.dmp

Filesize
1.6MB

Download