06bdc6c3670b4f2d234cacf9d7f45a50f8c2db43c878fadf0f0c0b6c6f7b4cbb

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 19:23

Target

47004da6ca52acc0acb2ce1c44b837a1.exe
Size

759KB
MD5

47004da6ca52acc0acb2ce1c44b837a1
SHA1

8c7f88e47548ed6d141fe5a9fff8344e53d8ed09
SHA256

06bdc6c3670b4f2d234cacf9d7f45a50f8c2db43c878fadf0f0c0b6c6f7b4cbb
SHA512

55ba2442496b35bbc1770fb88f64b88b51f853ea0bf1f56921f4227cfe423f329deeecbe836d2e7fb3aa04554fd321047c940180fdef10a0eb64d88d84a86c1e
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVY+wu+AVsrpk3wgJoVbbD+tKM:qKeyxTAJj7P+yW6mc1YCwuRVsrpO+FGN

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2572	omyrkl.exe

Loads dropped DLL 1 IoCs

pid	Process
2232	47004da6ca52acc0acb2ce1c44b837a1.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\hcow\omyrkl.exe	47004da6ca52acc0acb2ce1c44b837a1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2572	2232	47004da6ca52acc0acb2ce1c44b837a1.exe	28
PID 2232 wrote to memory of 2572	2232	47004da6ca52acc0acb2ce1c44b837a1.exe	28
PID 2232 wrote to memory of 2572	2232	47004da6ca52acc0acb2ce1c44b837a1.exe	28
PID 2232 wrote to memory of 2572	2232	47004da6ca52acc0acb2ce1c44b837a1.exe	28

C:\Users\Admin\AppData\Local\Temp\47004da6ca52acc0acb2ce1c44b837a1.exe
"C:\Users\Admin\AppData\Local\Temp\47004da6ca52acc0acb2ce1c44b837a1.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\hcow\omyrkl.exe
  "C:\Program Files (x86)\hcow\omyrkl.exe"
  2⤵
  - Executes dropped EXE
  PID:2572

\Program Files (x86)\hcow\omyrkl.exe

Filesize
775KB

MD5
707b8ff6004aca6fc3c88251bbb86a96

SHA1
adac411f03f4d0f9c35ec2bfe1ad2d980c9b1125

SHA256
9e7b84374b8aa2d076921fed228a38af4541ad28e8563713db5060f483358d87

SHA512
3ab6b8324ad1707efee23f5dab2e0e727b3f6f81477866bc2ce0a48b96edb560fe62cd1ec5b5ae76fd04ab1b289f03c690eeea1c00a0522ceca7a6ba210e2b35

Download Submit
memory/2232-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2232-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2232-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2572-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2572-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download