12f7ffc817f235b4f659100182278496343cd79e53181d0f7e081f3c55896515

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 19:22

Target

51660048d36ba4c7f0f4c1fb2e738461.exe
Size

837KB
MD5

51660048d36ba4c7f0f4c1fb2e738461
SHA1

dbc2131302f5794aa5223571e30dada5a6718b3d
SHA256

12f7ffc817f235b4f659100182278496343cd79e53181d0f7e081f3c55896515
SHA512

a30a5c8406aa52d46b9275d14a1b4fa817dcdaf1c286c1a2936d942d8715d7a958ed759861753f1adfcc343e9932cbd188da51721539ed289b500a3f2e99f575
SSDEEP

24576:OFdd0TTbZ3tI+rXkPE+PZ1itepHnf/GPQq/ozAVABp1:OvdGa+jMPZo49uP9g+AB

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3020	51660048d36ba4c7f0f4c1fb2e738461.tmp

Loads dropped DLL 1 IoCs

pid	Process
2960	51660048d36ba4c7f0f4c1fb2e738461.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 3020	2960	51660048d36ba4c7f0f4c1fb2e738461.exe	28
PID 2960 wrote to memory of 3020	2960	51660048d36ba4c7f0f4c1fb2e738461.exe	28
PID 2960 wrote to memory of 3020	2960	51660048d36ba4c7f0f4c1fb2e738461.exe	28
PID 2960 wrote to memory of 3020	2960	51660048d36ba4c7f0f4c1fb2e738461.exe	28
PID 2960 wrote to memory of 3020	2960	51660048d36ba4c7f0f4c1fb2e738461.exe	28
PID 2960 wrote to memory of 3020	2960	51660048d36ba4c7f0f4c1fb2e738461.exe	28
PID 2960 wrote to memory of 3020	2960	51660048d36ba4c7f0f4c1fb2e738461.exe	28

C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe
"C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Users\Admin\AppData\Local\Temp\is-5PTSF.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5PTSF.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp" /SL5="$17014E,814666,148992,C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe"
  2⤵
  - Executes dropped EXE
  PID:3020

\Users\Admin\AppData\Local\Temp\is-5PTSF.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp

Filesize
61KB

MD5
5e0b2c13aa1c4934c8d2b5905dacac29

SHA1
2dfe171365d9d5015dc7298c1ba9da7d6ac1b60e

SHA256
e7af1542c4354e20641ed1978a36cf84b5f6cbe117f8e705a27d254d52e5ab82

SHA512
ad3bc71aa6ddea00de502604a641b730ecbcdb782a6a4b1a490ce70b5bf18fc5af802e7ab91a3cd7a95cf5b65c68ba9e86cf7e014eb41c37dd036f234a03645a

Download Submit
memory/2960-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2960-9-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3020-7-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download