480deac6da4001a0e43539573146e396ff9f520c39fe07755b937129835d9c07

Analysis

max time kernel
118s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 12:44

Target

50966c7a6a9ae3c3261432de6ec69eda.exe
Size

1.6MB
MD5

50966c7a6a9ae3c3261432de6ec69eda
SHA1

10054a6bccfeda62bfccfee96ce9c448391c262d
SHA256

480deac6da4001a0e43539573146e396ff9f520c39fe07755b937129835d9c07
SHA512

1d7c036bf1181d51c2e75c8c2b478d1561d027b4699f6f677cadaecf587eeed2053036d861feae7690fc191156ede1dde410888fdb05597ba73003ffe0155f38
SSDEEP

24576:dgdhhQGGnnazLpj4VHogiuGYNycAavew3mwmI1nk30sKbcGOyRWEMbA:dqgazxcGYN139lnk30rp

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2440	dx.exe

Loads dropped DLL 1 IoCs

pid	Process
2076	50966c7a6a9ae3c3261432de6ec69eda.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\cb\dx.exe	50966c7a6a9ae3c3261432de6ec69eda.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2440	2076	50966c7a6a9ae3c3261432de6ec69eda.exe	28
PID 2076 wrote to memory of 2440	2076	50966c7a6a9ae3c3261432de6ec69eda.exe	28
PID 2076 wrote to memory of 2440	2076	50966c7a6a9ae3c3261432de6ec69eda.exe	28
PID 2076 wrote to memory of 2440	2076	50966c7a6a9ae3c3261432de6ec69eda.exe	28

C:\Users\Admin\AppData\Local\Temp\50966c7a6a9ae3c3261432de6ec69eda.exe
"C:\Users\Admin\AppData\Local\Temp\50966c7a6a9ae3c3261432de6ec69eda.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files (x86)\cb\dx.exe
  "C:\Program Files (x86)\cb\dx.exe"
  2⤵
  - Executes dropped EXE
  PID:2440

\Program Files (x86)\cb\dx.exe

Filesize
1.6MB

MD5
a8850e5e3c184b0558f2ce45fd387130

SHA1
dd76160827a108522c603a53880731af05d56ce0

SHA256
162d1ed090497d499918afa193367a94dc54127b1a5021f153d6c4b807529008

SHA512
28148bc5d580a67489b245f49d8143e971a6b7fac1e5522ad8f7c1ca1a87cba86afeb62d24575b01eeec0ace741ad36ebe3b89e457cdc48653b3c3bd480ebd3a

Download Submit
memory/2076-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2440-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download