1e5674fbf625803af62d1d47c16b98f078782b7c98bb761ad5533ca05365d7a2

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 01:48

Target

47b65810ca00f2f48c6604a95cb5d31d.exe
Size

87KB
MD5

47b65810ca00f2f48c6604a95cb5d31d
SHA1

cf12ebad550e94a250f46a0074afff03dbb48130
SHA256

1e5674fbf625803af62d1d47c16b98f078782b7c98bb761ad5533ca05365d7a2
SHA512

54bc907a72ff913d8f6e1ba75b8c8486cc1ea6332ca762e0c8cb8ce9aed23e8dfd1a5357b810a7733eb036f4e7dc4f5b0fa1f3ffaed038ece5c81382bc7d12b6
SSDEEP

1536:hpUYNnYSs35m47SZGzGP5yUfYmVRK1x8QA5WaCH22KS8GCEUAuR137K06RUp5Y:hpUInYrm47SeGPqmro8QAgateCgc20gj

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1716	47b65810ca00f2f48c6604a95cb5d31d.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\HELP\F3C74E3FA248.dll	47b65810ca00f2f48c6604a95cb5d31d.exe
File opened for modification	C:\Windows\HELP\F3C74E3FA248.dll	47b65810ca00f2f48c6604a95cb5d31d.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ThreadingModel = "Apartment"	47b65810ca00f2f48c6604a95cb5d31d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}	47b65810ca00f2f48c6604a95cb5d31d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\ = "SSUUDL"	47b65810ca00f2f48c6604a95cb5d31d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32	47b65810ca00f2f48c6604a95cb5d31d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ = "C:\\Windows\\HELP\\F3C74E3FA248.dll"	47b65810ca00f2f48c6604a95cb5d31d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1716	47b65810ca00f2f48c6604a95cb5d31d.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2120	1716	47b65810ca00f2f48c6604a95cb5d31d.exe	16
PID 1716 wrote to memory of 2120	1716	47b65810ca00f2f48c6604a95cb5d31d.exe	16
PID 1716 wrote to memory of 2120	1716	47b65810ca00f2f48c6604a95cb5d31d.exe	16
PID 1716 wrote to memory of 2120	1716	47b65810ca00f2f48c6604a95cb5d31d.exe	16
PID 1716 wrote to memory of 2932	1716	47b65810ca00f2f48c6604a95cb5d31d.exe	31
PID 1716 wrote to memory of 2932	1716	47b65810ca00f2f48c6604a95cb5d31d.exe	31
PID 1716 wrote to memory of 2932	1716	47b65810ca00f2f48c6604a95cb5d31d.exe	31
PID 1716 wrote to memory of 2932	1716	47b65810ca00f2f48c6604a95cb5d31d.exe	31

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
63B

MD5
009a9eee4ca4eba149b2139527af32ed

SHA1
0e07a97992361a3cdb17288eb0b62cbea027083a

SHA256
51fe7d6a16cc8944cf2dc90be85fc58dbca47c17b73a61a34be37be4eef6fe12

SHA512
cce598a1343003d929e1b6839dd87d21163ccdc948fee313ca5aefc55f94a5d785ca712e4a2ee411a8fd5fb665476cf7bbff2601117531820eaae031b32b431b

Download Submit
\Windows\Help\F3C74E3FA248.dll

Filesize
70KB

MD5
43b5eb248bb29598d35fb991a7f6a819

SHA1
b3d0aecbfaeb73a81b323cca690a1d372f02c0ed

SHA256
3beba40c5451387a78125182b504d1b7831d7886320810493e2bca9e5f24a190

SHA512
a06f8a90db395b9e61b9627bf53665207c4990edc3ec15aa64c4afad0cebef0bf11eeca5512f92c298c580593a8f8be465efbe57b701cf151af13b4d09f9bd83

Download Submit
memory/1716-0-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/1716-9-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/1716-24-0x0000000001C80000-0x0000000001CC9000-memory.dmp

Filesize
292KB

Download
memory/1716-23-0x0000000001C80000-0x0000000001CC9000-memory.dmp

Filesize
292KB

Download
memory/1716-21-0x0000000001C80000-0x0000000001CC9000-memory.dmp

Filesize
292KB

Download
memory/1716-25-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download