8377f14adcb98d8af8e70d74642afc09b6e72cf56aa55d734aafadc41596a317

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 13:50

Target

38afda4effa4cb8a29e8e5b8af91b1e5.exe
Size

10KB
MD5

38afda4effa4cb8a29e8e5b8af91b1e5
SHA1

cd2611d911c37dc68525bc36b24fb69e6cea6f34
SHA256

8377f14adcb98d8af8e70d74642afc09b6e72cf56aa55d734aafadc41596a317
SHA512

83422717402beb076d0177db43e0b99a9da863584a88fc6afdfe80f4d3872976497c4b295a5f81f649ddb0c249a8a4de34ea6af292e0099c6f3b3ddb980e519e
SSDEEP

192:Mf/I9svuInld09g/WigJY+o1BZ+RN8danXfHNavyNh+MaZx1ZQC68IYBKvF:8/I9y3nzYSsi+o1L+uqNai4xT

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2752	cmd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2752	1888	38afda4effa4cb8a29e8e5b8af91b1e5.exe	28
PID 1888 wrote to memory of 2752	1888	38afda4effa4cb8a29e8e5b8af91b1e5.exe	28
PID 1888 wrote to memory of 2752	1888	38afda4effa4cb8a29e8e5b8af91b1e5.exe	28
PID 1888 wrote to memory of 2752	1888	38afda4effa4cb8a29e8e5b8af91b1e5.exe	28

C:\Users\Admin\AppData\Local\Temp\38afda4effa4cb8a29e8e5b8af91b1e5.exe
"C:\Users\Admin\AppData\Local\Temp\38afda4effa4cb8a29e8e5b8af91b1e5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\38afda4effa4cb8a29e8e5b8af91b1e5.exe"
  2⤵
  - Deletes itself
  PID:2752

memory/1888-0-0x0000000000400000-0x000000000090A000-memory.dmp

Filesize
5.0MB

Download
memory/1888-2-0x00000000001B0000-0x00000000001B2000-memory.dmp

Filesize
8KB

Download
memory/1888-1-0x0000000000400000-0x000000000090A000-memory.dmp

Filesize
5.0MB

Download
memory/1888-3-0x0000000000400000-0x000000000090A000-memory.dmp

Filesize
5.0MB

Download