6558ac3891d248cc0435d9d6a8c2f2c0a8b608adbb3fa30641ab4fd34f61be03

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 09:22

Target

145be25bec2698cc5dee13b8c66ecf99.exe
Size

962KB
MD5

145be25bec2698cc5dee13b8c66ecf99
SHA1

b9e5991cb5560a3222f7c63fb0de7bb87d9973ea
SHA256

6558ac3891d248cc0435d9d6a8c2f2c0a8b608adbb3fa30641ab4fd34f61be03
SHA512

a92eeedc7e805aa3e71d6c58e3a460dc842c90742ff2e2c1dfb54ec184760aede269e67741b2eea8dc6704289f3915b9bb6a96ca5a718229a6e2d2a5094783de
SSDEEP

24576:qKeyxTAJj7PZFK30B3I9ILWDdhVL0OOsImM/UqM8fi:qKeyRAwEB3w7DOZmmUqBfi

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2008	ilsgniijd.exe

Loads dropped DLL 1 IoCs

pid	Process
1836	145be25bec2698cc5dee13b8c66ecf99.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\aahicexwg\ilsgniijd.exe	145be25bec2698cc5dee13b8c66ecf99.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2008	1836	145be25bec2698cc5dee13b8c66ecf99.exe	28
PID 1836 wrote to memory of 2008	1836	145be25bec2698cc5dee13b8c66ecf99.exe	28
PID 1836 wrote to memory of 2008	1836	145be25bec2698cc5dee13b8c66ecf99.exe	28
PID 1836 wrote to memory of 2008	1836	145be25bec2698cc5dee13b8c66ecf99.exe	28

C:\Users\Admin\AppData\Local\Temp\145be25bec2698cc5dee13b8c66ecf99.exe
"C:\Users\Admin\AppData\Local\Temp\145be25bec2698cc5dee13b8c66ecf99.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\aahicexwg\ilsgniijd.exe
  "C:\Program Files (x86)\aahicexwg\ilsgniijd.exe"
  2⤵
  - Executes dropped EXE
  PID:2008

\Program Files (x86)\aahicexwg\ilsgniijd.exe

Filesize
978KB

MD5
36b2b6ac0de91ca00e4681c91daa5d86

SHA1
ee74b41bba45d9f487d6f2a70c1871b51feef99c

SHA256
1804d0079e582b2d5fcf68eff2b349edf0ffab66854774c9b6da577a2c23d321

SHA512
db8e8cd5e508ca380faa0cc6ce4b5cd8d824ac5319bcd48a9244aa8f9f7492362c03abc80a7ec103145564fed9642ba2227b8a12426031276654049ba8bca796

Download Submit
memory/1836-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1836-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1836-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2008-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2008-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download