6302ed025efc3902f2b8a18430f9f78956b0acf43710a75c5cdf82d98ef6eb35

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 13:06

Target

568a5b71f9807eb6a4ddf26285dd949a.exe
Size

51KB
MD5

568a5b71f9807eb6a4ddf26285dd949a
SHA1

832b5583214f50c4ea31e732879faef0dd245529
SHA256

6302ed025efc3902f2b8a18430f9f78956b0acf43710a75c5cdf82d98ef6eb35
SHA512

5a36f2c07560a8fad21581b08be920d2adb7af3e6140963279dfb165f144965a7d6997d056317549819d62b5eed20b090929079bbb4c00fc671f2075ddd95e64
SSDEEP

1536:UF+qxQcJxJljitFbOlFu2a+PpcVioN43:ObxJT9m4lFuH+ci

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2988	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2680	servet.exe
2884	servet.exe

Loads dropped DLL 3 IoCs

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\servet.exe	servet.exe
File created	C:\Windows\SysWOW64\servet.exe	568a5b71f9807eb6a4ddf26285dd949a.exe
File opened for modification	C:\Windows\SysWOW64\servet.exe	568a5b71f9807eb6a4ddf26285dd949a.exe
File created	C:\Windows\SysWOW64\Deledomn.bat	568a5b71f9807eb6a4ddf26285dd949a.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1996 set thread context of 2116	1996	568a5b71f9807eb6a4ddf26285dd949a.exe	27
PID 2680 set thread context of 2884	2680	servet.exe	29

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2116	1996	568a5b71f9807eb6a4ddf26285dd949a.exe	27
PID 1996 wrote to memory of 2116	1996	568a5b71f9807eb6a4ddf26285dd949a.exe	27
PID 1996 wrote to memory of 2116	1996	568a5b71f9807eb6a4ddf26285dd949a.exe	27
PID 1996 wrote to memory of 2116	1996	568a5b71f9807eb6a4ddf26285dd949a.exe	27
PID 1996 wrote to memory of 2116	1996	568a5b71f9807eb6a4ddf26285dd949a.exe	27
PID 1996 wrote to memory of 2116	1996	568a5b71f9807eb6a4ddf26285dd949a.exe	27
PID 2116 wrote to memory of 2680	2116	568a5b71f9807eb6a4ddf26285dd949a.exe	28
PID 2116 wrote to memory of 2680	2116	568a5b71f9807eb6a4ddf26285dd949a.exe	28
PID 2116 wrote to memory of 2680	2116	568a5b71f9807eb6a4ddf26285dd949a.exe	28
PID 2116 wrote to memory of 2680	2116	568a5b71f9807eb6a4ddf26285dd949a.exe	28
PID 2680 wrote to memory of 2884	2680	servet.exe	29
PID 2680 wrote to memory of 2884	2680	servet.exe	29
PID 2680 wrote to memory of 2884	2680	servet.exe	29
PID 2680 wrote to memory of 2884	2680	servet.exe	29
PID 2680 wrote to memory of 2884	2680	servet.exe	29
PID 2680 wrote to memory of 2884	2680	servet.exe	29
PID 2116 wrote to memory of 2988	2116	568a5b71f9807eb6a4ddf26285dd949a.exe	30
PID 2116 wrote to memory of 2988	2116	568a5b71f9807eb6a4ddf26285dd949a.exe	30
PID 2116 wrote to memory of 2988	2116	568a5b71f9807eb6a4ddf26285dd949a.exe	30
PID 2116 wrote to memory of 2988	2116	568a5b71f9807eb6a4ddf26285dd949a.exe	30

C:\Windows\SysWOW64\Deledomn.bat

Filesize
184B

MD5
4106016dc915abc93553d47fdc84497c

SHA1
7a503ff7ea13fd8d17e2e0600d2bea4e8fe7c763

SHA256
22683421055ce9f9a9129b800912c7c4de471b69713677ef4042b2f34b3d288d

SHA512
ad8577f9916697a7cfeb73e8ab63830aa171aa1834571cb496868b662a59df0a331e1b1a88816ade4d8a7c13d4ddec628e77a24bdb7808cc2f1dd1807d7dc393

Download Submit
\Windows\SysWOW64\servet.exe

Filesize
51KB

MD5
568a5b71f9807eb6a4ddf26285dd949a

SHA1
832b5583214f50c4ea31e732879faef0dd245529

SHA256
6302ed025efc3902f2b8a18430f9f78956b0acf43710a75c5cdf82d98ef6eb35

SHA512
5a36f2c07560a8fad21581b08be920d2adb7af3e6140963279dfb165f144965a7d6997d056317549819d62b5eed20b090929079bbb4c00fc671f2075ddd95e64

Download Submit
memory/1996-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2116-0-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2116-3-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2116-27-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2680-18-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2884-26-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2884-28-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download