499aedc02c1f6fe422cebd2c513346c1d5d474f8b33f121b0e1332f44cd2d2e8

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 16:33

Target

51106a564002320f30435aa6c25b8dd3.exe
Size

2.0MB
MD5

51106a564002320f30435aa6c25b8dd3
SHA1

4304b24f723fbfafbcffa96cc7a5cfea7525ad06
SHA256

499aedc02c1f6fe422cebd2c513346c1d5d474f8b33f121b0e1332f44cd2d2e8
SHA512

8a6462a0a8c229ad5161a274988b0e159ea7698e631f5f37b6e76610463cc446249b6c20b42e57ddc014a1d2eb900d52cbae0574029b433f0029dec9a58b0400
SSDEEP

24576:dgdhhQGGnnazLpj4VHogiuGYNycAavew3mwmI1nk30sKbcGOyRWEMVM8w8sm/FvN:dqgazxcGYN139lnk30raxpX

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3000	pg.exe

Loads dropped DLL 1 IoCs

pid	Process
2932	51106a564002320f30435aa6c25b8dd3.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\olmtt\pg.exe	51106a564002320f30435aa6c25b8dd3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3000	2932	51106a564002320f30435aa6c25b8dd3.exe	28
PID 2932 wrote to memory of 3000	2932	51106a564002320f30435aa6c25b8dd3.exe	28
PID 2932 wrote to memory of 3000	2932	51106a564002320f30435aa6c25b8dd3.exe	28
PID 2932 wrote to memory of 3000	2932	51106a564002320f30435aa6c25b8dd3.exe	28

C:\Users\Admin\AppData\Local\Temp\51106a564002320f30435aa6c25b8dd3.exe
"C:\Users\Admin\AppData\Local\Temp\51106a564002320f30435aa6c25b8dd3.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\olmtt\pg.exe
  "C:\Program Files (x86)\olmtt\pg.exe"
  2⤵
  - Executes dropped EXE
  PID:3000

\Program Files (x86)\olmtt\pg.exe

Filesize
2.0MB

MD5
78d5fb110789890d06a9ef4c1d5fa425

SHA1
4a435bcd80090445d5e02808ba3598ca5823367f

SHA256
514054888dcf2fa0b3184d4ad61a86be4ea689419d805ab1dfef112e3257700d

SHA512
309e3662819f27eafd51e7a472c35d5780e593bc2b2922a0bd7b2308b9c883052dde088c879a5fbea1b0e00ed09edaea89111285e7d1161a57deadc2ca2de8f1

Download Submit
memory/2932-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3000-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download