cfa2dfb8a0133c462e2620bb5dd368b39807241c07274e0442dda0ca31e76766

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:03

Target

16af01a4543ec4fa5ecd8d54a4ed9119.exe
Size

647KB
MD5

16af01a4543ec4fa5ecd8d54a4ed9119
SHA1

0873c1f7b9663017640cace306f4b951a0cc5a73
SHA256

cfa2dfb8a0133c462e2620bb5dd368b39807241c07274e0442dda0ca31e76766
SHA512

8d415a038d12342c4bb5a2520b6917e2c9a7c42252c76985ab0ef4029440b0b2efbca60f42c7057d428d0843f960764f5dc99c08afc8da474ff3b2b54de0529f
SSDEEP

12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJLDl16ncmg+3y/iVSabkmujifBmQHv2FkL:7zXKqa8SEijjC+37liXbLbklmfB7P2Fc

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2712	xsivj.exe

Loads dropped DLL 1 IoCs

pid	Process
1756	16af01a4543ec4fa5ecd8d54a4ed9119.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wtzonkkir\xsivj.exe	16af01a4543ec4fa5ecd8d54a4ed9119.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2712	1756	16af01a4543ec4fa5ecd8d54a4ed9119.exe	28
PID 1756 wrote to memory of 2712	1756	16af01a4543ec4fa5ecd8d54a4ed9119.exe	28
PID 1756 wrote to memory of 2712	1756	16af01a4543ec4fa5ecd8d54a4ed9119.exe	28
PID 1756 wrote to memory of 2712	1756	16af01a4543ec4fa5ecd8d54a4ed9119.exe	28

C:\Users\Admin\AppData\Local\Temp\16af01a4543ec4fa5ecd8d54a4ed9119.exe
"C:\Users\Admin\AppData\Local\Temp\16af01a4543ec4fa5ecd8d54a4ed9119.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\wtzonkkir\xsivj.exe
  "C:\Program Files (x86)\wtzonkkir\xsivj.exe"
  2⤵
  - Executes dropped EXE
  PID:2712

\Program Files (x86)\wtzonkkir\xsivj.exe

Filesize
660KB

MD5
344604163001d387ae661d1a9b95b0c7

SHA1
a83f3f9708c1a2ada60dd6bf6554327d32bb78da

SHA256
cfcfad09f707423665a6e0fbf31ee0d8a1d4f3656166ced8ef8a8e0f7690c60c

SHA512
f5bd3df0b2a27d313c0458daef0b6f1d4c4a8ed9150d0b68963b214fc9d32dde6fa34acdff312fb7804d7ff2c7f3234209589b1d83ef813b2382c6866a641ff2

Download Submit
memory/1756-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1756-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1756-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1756-6-0x0000000001D30000-0x0000000001DC4000-memory.dmp

Filesize
592KB

Download
memory/2712-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2712-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download