c18641e4357da9bfe2e15a041cc6259c46f94f19429e474595eb192db5fffb60

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 01:55

Target

3b9848a74f8f3849dbf1e8cc5338fc7d.exe
Size

82KB
MD5

3b9848a74f8f3849dbf1e8cc5338fc7d
SHA1

36a289fa98747a0a35d2dfd7a2c6eb5a3731593e
SHA256

c18641e4357da9bfe2e15a041cc6259c46f94f19429e474595eb192db5fffb60
SHA512

8abdf92c416f3e1ff10a240ddae03b807a5eb416a80d8a577dfabbb8b7b34e198592836e2a0e0bdca5bb3571d5ec17a8c3800bf0a76d145be5f7f73f5ddd786a
SSDEEP

1536:AvEXGjRCTEpcBTghbTIR8UyezwtD3L9+GRovfKCRVC/:AcaRC5BTg9XUIrx+GM/s

Score

7^/10

aspackv2

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
behavioral1/files/0x000c000000013138-5.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1740	2724784902004

Loads dropped DLL 1 IoCs

pid	Process
3000	3b9848a74f8f3849dbf1e8cc5338fc7d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1740	3000	3b9848a74f8f3849dbf1e8cc5338fc7d.exe	28
PID 3000 wrote to memory of 1740	3000	3b9848a74f8f3849dbf1e8cc5338fc7d.exe	28
PID 3000 wrote to memory of 1740	3000	3b9848a74f8f3849dbf1e8cc5338fc7d.exe	28
PID 3000 wrote to memory of 1740	3000	3b9848a74f8f3849dbf1e8cc5338fc7d.exe	28

C:\Users\Admin\AppData\Local\Temp\3b9848a74f8f3849dbf1e8cc5338fc7d.exe
"C:\Users\Admin\AppData\Local\Temp\3b9848a74f8f3849dbf1e8cc5338fc7d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\2724784902004
  C:\Users\Admin\AppData\Local\Temp\2724784902004 "http://streamingporntv.com/inwm.data"
  2⤵
  - Executes dropped EXE
  PID:1740

C:\Users\Admin\AppData\Local\Temp\2724784902004

Filesize
42KB

MD5
4fcc92c9b8343d3798ce03f9cde46f62

SHA1
37f4c038877744503c6e4ac15d99cd1844d3253b

SHA256
55f0d7e7ead5eb7e8aeae456e539191e50b2bdd7f06c4cc02808396f1c68f7b6

SHA512
dcf22c297e266f82a84739302fbb0a180781cdcfbba2371994a5958268d0a713f15aadbc4b290e33f2eccc3a6597b785d9e8e7d0d8b2d54bd7240236e06ab02e

Download Submit
memory/1740-13-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1740-14-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3000-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3000-10-0x00000000001C0000-0x00000000001E0000-memory.dmp

Filesize
128KB

Download
memory/3000-17-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download