e729074d65ce761b11fb67cac02a649429ffa5559ef4b26d2d4a6becc6a3f93e

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:06

Target

1af1533ac75b4f97a14379e2ac40b443.exe
Size

68KB
MD5

1af1533ac75b4f97a14379e2ac40b443
SHA1

8dceab38f06c928f1579cced18f2d4a8df9092bc
SHA256

e729074d65ce761b11fb67cac02a649429ffa5559ef4b26d2d4a6becc6a3f93e
SHA512

aab5e0ecb761408fedf7bb0bced84be591ad04fe5c23b114211d4305000ae3efc33af96284ce1b327a5cfdaa58de55408b074cb601aff19be090d9779ff3d407
SSDEEP

768:4kEKyxucojQ1lpocrtp/cLN15OAcJ2pzp4F9ZWyzhTqHJrm5SrQ3c:4f3ZFGo2tADzh2H1mc

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
2152	kcien32.exe
3064	kcien32.exe

Loads dropped DLL 4 IoCs

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\kcien32.ini	1af1533ac75b4f97a14379e2ac40b443.exe
File opened for modification	C:\Windows\SysWOW64\kcien32.exe	kcien32.exe
File created	C:\Windows\SysWOW64\kcien32.exe	kcien32.exe
File opened for modification	C:\Windows\SysWOW64\kcien32.ini	kcien32.exe
File opened for modification	C:\Windows\SysWOW64\kcien32.exe	1af1533ac75b4f97a14379e2ac40b443.exe
File created	C:\Windows\SysWOW64\kcien32.exe	1af1533ac75b4f97a14379e2ac40b443.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2152	2436	1af1533ac75b4f97a14379e2ac40b443.exe	28
PID 2436 wrote to memory of 2152	2436	1af1533ac75b4f97a14379e2ac40b443.exe	28
PID 2436 wrote to memory of 2152	2436	1af1533ac75b4f97a14379e2ac40b443.exe	28
PID 2436 wrote to memory of 2152	2436	1af1533ac75b4f97a14379e2ac40b443.exe	28
PID 2152 wrote to memory of 3064	2152	kcien32.exe	29
PID 2152 wrote to memory of 3064	2152	kcien32.exe	29
PID 2152 wrote to memory of 3064	2152	kcien32.exe	29
PID 2152 wrote to memory of 3064	2152	kcien32.exe	29

C:\Windows\SysWOW64\kcien32.ini

Filesize
260B

MD5
6f70799414a66f929b6558edd5532a90

SHA1
81c35b31b16823a3ffc4cb501a4d4717dc80d1db

SHA256
42039061e9c93b4d450ab0cec73cfcf642f09e8eade9057df2921c5f5162d663

SHA512
3ba5046e8b07a38cbcf541b878d4a69f7864bb4ed0558beb5e756344b665835c3bdc38c6d8f3da2ccca91873ee4ec9f460a4a26ffe346d38e99e6e4895bb647b

Download Submit
\Windows\SysWOW64\kcien32.exe

Filesize
68KB

MD5
1af1533ac75b4f97a14379e2ac40b443

SHA1
8dceab38f06c928f1579cced18f2d4a8df9092bc

SHA256
e729074d65ce761b11fb67cac02a649429ffa5559ef4b26d2d4a6becc6a3f93e

SHA512
aab5e0ecb761408fedf7bb0bced84be591ad04fe5c23b114211d4305000ae3efc33af96284ce1b327a5cfdaa58de55408b074cb601aff19be090d9779ff3d407

Download Submit
memory/2152-15-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2152-19-0x0000000000220000-0x0000000000231000-memory.dmp

Filesize
68KB

Download
memory/2152-22-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2152-21-0x0000000000220000-0x0000000000231000-memory.dmp

Filesize
68KB

Download
memory/2436-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2436-6-0x0000000000220000-0x0000000000231000-memory.dmp

Filesize
68KB

Download
memory/2436-12-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download