ef0087602e77b5db21befc2070268271f93ca7647352e8a2bedfef676f94bd66

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 19:27

Target

41b775aead1e83c01f256f1f8d024d30.exe
Size

638KB
MD5

41b775aead1e83c01f256f1f8d024d30
SHA1

fac5a1f2d5937cf01e306759676b7ed2ab208acf
SHA256

ef0087602e77b5db21befc2070268271f93ca7647352e8a2bedfef676f94bd66
SHA512

e3666b9664f49df86f074d4d2fdf22350cacabfea1e75b088ff16d98e7f3b05e1b4a7fe0fa0144c98bfed01e83aac8ea0b4f61674fd9cd747ff711efa6beb973
SSDEEP

12288:MLry/neyx7f/A64j7PV/F2VC+QyHDaiyJ2WvyiRPsbZQdLjngno9:qKeyxTAJj7PV/s4k+oW6itPl6w

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2740	juwgonqcjkxkl.exe

Loads dropped DLL 1 IoCs

pid	Process
2548	41b775aead1e83c01f256f1f8d024d30.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\cxxelg\juwgonqcjkxkl.exe	41b775aead1e83c01f256f1f8d024d30.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2740	2548	41b775aead1e83c01f256f1f8d024d30.exe	17
PID 2548 wrote to memory of 2740	2548	41b775aead1e83c01f256f1f8d024d30.exe	17
PID 2548 wrote to memory of 2740	2548	41b775aead1e83c01f256f1f8d024d30.exe	17
PID 2548 wrote to memory of 2740	2548	41b775aead1e83c01f256f1f8d024d30.exe	17

C:\Users\Admin\AppData\Local\Temp\41b775aead1e83c01f256f1f8d024d30.exe
"C:\Users\Admin\AppData\Local\Temp\41b775aead1e83c01f256f1f8d024d30.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\cxxelg\juwgonqcjkxkl.exe
  "C:\Program Files (x86)\cxxelg\juwgonqcjkxkl.exe"
  2⤵
  - Executes dropped EXE
  PID:2740

C:\Program Files (x86)\cxxelg\juwgonqcjkxkl.exe

Filesize
126KB

MD5
c8ec0c9c0e7ea3e55b27749cab1c82a4

SHA1
2eb3cedc2dfd2ce13e7a06276901bda0b82eebd7

SHA256
ea834694563294fa50e0d7bef126dd4a3fff8463e200aafe3df17a3909b6dd8f

SHA512
94b5dda813e74921ccc5fba01ccb7586b07e2b3e3e513e1d03ffe4ddec56abcd369551034ec33418c48ebc9669c4464766fd2ac861a011e46c52f9faa5b35f37

Download Submit
\Program Files (x86)\cxxelg\juwgonqcjkxkl.exe

Filesize
136KB

MD5
f5753c8478ad139301b8d59e1fc03dfc

SHA1
22145a2f8eb765fc06d9e89e3d916f513909c3b4

SHA256
42e81ddb3bbb7c1914fbd0cf8cdb15dc810d361bc2e5584bc1c190497c5cef86

SHA512
422cd308be4e85c92f67b5862045a073e5fe6cea09662845ab8e3f162b9144070f595befac52928cfc4b8af46b7da48a5cb457b211fd1d3fdcc6e84dc23d2b2e

Download Submit
memory/2548-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2548-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2548-6-0x0000000001DB0000-0x0000000001E44000-memory.dmp

Filesize
592KB

Download
memory/2548-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2740-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2740-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download