aa8aa4d07b7908567da52a7c08a5929cbe499f5dcbe15f9fef0a7eb26500a9fd

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:09

Target

1983fb10d5cd4114274b108688e6ad9a.exe
Size

1.0MB
MD5

1983fb10d5cd4114274b108688e6ad9a
SHA1

d0477a9b453cdfb6b491403e1877fedf05d371a9
SHA256

aa8aa4d07b7908567da52a7c08a5929cbe499f5dcbe15f9fef0a7eb26500a9fd
SHA512

ad1c5acdc2cf60ebe63e7ea39f989d813abee0207a064870ab001be4c56c7e10cb23272a818b3e862ac0c8bef91a44a77c305284715d21fbb07ae1c2a04cab06
SSDEEP

24576:qKeyxTAJj7PZFK30B3I9ILWDdhVL0OOsIF5UsYv:qKeyRAwEB3w7DOZLUsG

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2988	xhebli.exe

Loads dropped DLL 1 IoCs

pid	Process
2136	1983fb10d5cd4114274b108688e6ad9a.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\xjpqbu\xhebli.exe	1983fb10d5cd4114274b108688e6ad9a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2988	2136	1983fb10d5cd4114274b108688e6ad9a.exe	28
PID 2136 wrote to memory of 2988	2136	1983fb10d5cd4114274b108688e6ad9a.exe	28
PID 2136 wrote to memory of 2988	2136	1983fb10d5cd4114274b108688e6ad9a.exe	28
PID 2136 wrote to memory of 2988	2136	1983fb10d5cd4114274b108688e6ad9a.exe	28

C:\Users\Admin\AppData\Local\Temp\1983fb10d5cd4114274b108688e6ad9a.exe
"C:\Users\Admin\AppData\Local\Temp\1983fb10d5cd4114274b108688e6ad9a.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\xjpqbu\xhebli.exe
  "C:\Program Files (x86)\xjpqbu\xhebli.exe"
  2⤵
  - Executes dropped EXE
  PID:2988

\Program Files (x86)\xjpqbu\xhebli.exe

Filesize
1.1MB

MD5
d6a184951207ff8fb81116562e8d6095

SHA1
3617d8b37e5601f32b5f2c34ebf25e1c213f8da6

SHA256
fecd3cd841a5e3ff847ade53213f05ea07989d550956d7c7aa101212d24ca221

SHA512
13388d3c07b71f8f8f7b2bd8c1a04c527a80d58a0e66b538c9cc2d20da095b09f72ecdbf78ff92fe09b5b08af9f1c99d5d2747d51d71b730af8164eb579e5c83

Download Submit
memory/2136-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2136-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2136-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2136-6-0x0000000001D70000-0x0000000001E04000-memory.dmp

Filesize
592KB

Download
memory/2988-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download