c84b5f63992b480e3684a142210ec953bf4bce56920a2f2e8bff5b77322b5447

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 05:52

Target

2abe7cca18dce6e2749f69846e9c489e.exe
Size

209KB
MD5

2abe7cca18dce6e2749f69846e9c489e
SHA1

bdcbf059df02a81e2841c08fe487b2175e0a61dc
SHA256

c84b5f63992b480e3684a142210ec953bf4bce56920a2f2e8bff5b77322b5447
SHA512

f27350c959c01b5ffa9c632720b8c88cc87c65583fd04c9a3dcbdada8afee4a582ccd2d48bf2a27be783ef0bfb6e716dd83570aa7e1f683613e70df6bf9c8919
SSDEEP

6144:1ldgA0AZVEJagGwtZ24vMjzJW9XOAvhTQ:dguVEJptZ2Eq0xOAp0

Score

7^/10

Executes dropped EXE 4 IoCs

Loads dropped DLL 8 IoCs

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2940	2724	2abe7cca18dce6e2749f69846e9c489e.exe	21
PID 2724 wrote to memory of 2940	2724	2abe7cca18dce6e2749f69846e9c489e.exe	21
PID 2724 wrote to memory of 2940	2724	2abe7cca18dce6e2749f69846e9c489e.exe	21
PID 2724 wrote to memory of 2940	2724	2abe7cca18dce6e2749f69846e9c489e.exe	21
PID 2940 wrote to memory of 2828	2940	cmd.exe	20
PID 2940 wrote to memory of 2828	2940	cmd.exe	20
PID 2940 wrote to memory of 2828	2940	cmd.exe	20
PID 2940 wrote to memory of 2828	2940	cmd.exe	20
PID 2828 wrote to memory of 2612	2828	u.dll	19
PID 2828 wrote to memory of 2612	2828	u.dll	19
PID 2828 wrote to memory of 2612	2828	u.dll	19
PID 2828 wrote to memory of 2612	2828	u.dll	19
PID 2940 wrote to memory of 2444	2940	cmd.exe	18
PID 2940 wrote to memory of 2444	2940	cmd.exe	18
PID 2940 wrote to memory of 2444	2940	cmd.exe	18
PID 2940 wrote to memory of 2444	2940	cmd.exe	18
PID 2444 wrote to memory of 2032	2444	u.dll	17
PID 2444 wrote to memory of 2032	2444	u.dll	17
PID 2444 wrote to memory of 2032	2444	u.dll	17
PID 2444 wrote to memory of 2032	2444	u.dll	17
PID 2940 wrote to memory of 2388	2940	cmd.exe	16
PID 2940 wrote to memory of 2388	2940	cmd.exe	16
PID 2940 wrote to memory of 2388	2940	cmd.exe	16
PID 2940 wrote to memory of 2388	2940	cmd.exe	16

C:\Users\Admin\AppData\Local\Temp\F4C.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\F4C.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeF4D.tmp"
1⤵
- Executes dropped EXE
PID:2032

C:\Users\Admin\AppData\Local\Temp\E72.tmp\mpress.exe
"C:\Users\Admin\AppData\Local\Temp\E72.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeE73.tmp"
1⤵
- Executes dropped EXE
PID:2612

C:\Users\Admin\AppData\Local\Temp\2abe7cca18dce6e2749f69846e9c489e.exe
"C:\Users\Admin\AppData\Local\Temp\2abe7cca18dce6e2749f69846e9c489e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2724

memory/2032-140-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2032-145-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-138-0x0000000000650000-0x0000000000684000-memory.dmp

Filesize
208KB

Download
memory/2612-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2612-76-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2724-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2724-154-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2828-69-0x0000000001D40000-0x0000000001D74000-memory.dmp

Filesize
208KB

Download
memory/2828-67-0x0000000001D40000-0x0000000001D74000-memory.dmp

Filesize
208KB

Download