89a21f3ca6cb9e3d18b04d8c2f2d2d8f2975ae16bedfe5d56ae0df8a55734f53

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 03:37

Target

5a2c5e4d0be6406b96b96ec26d96e892.exe
Size

1.2MB
MD5

5a2c5e4d0be6406b96b96ec26d96e892
SHA1

84c814842a8b958f294cc61a30e9159f17705e42
SHA256

89a21f3ca6cb9e3d18b04d8c2f2d2d8f2975ae16bedfe5d56ae0df8a55734f53
SHA512

b63936f515ba0d7c2e3afafef46ded27cf271d1cb29bc1b2cb047628d942039126b1bfd36bca09b3e54529ae2b0c026df10221956004baa4d2cea58855a61265
SSDEEP

24576:7zXKqa8SEijjC+37liXbLbklmfB6/tbQdSmKBQXj3LdRWi:7z6qaakjC+3srLAKB61bQd3KaXb/Wi

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1912	mzhv.exe

Loads dropped DLL 1 IoCs

pid	Process
2024	5a2c5e4d0be6406b96b96ec26d96e892.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\quqvjfw\mzhv.exe	5a2c5e4d0be6406b96b96ec26d96e892.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1912	2024	5a2c5e4d0be6406b96b96ec26d96e892.exe	28
PID 2024 wrote to memory of 1912	2024	5a2c5e4d0be6406b96b96ec26d96e892.exe	28
PID 2024 wrote to memory of 1912	2024	5a2c5e4d0be6406b96b96ec26d96e892.exe	28
PID 2024 wrote to memory of 1912	2024	5a2c5e4d0be6406b96b96ec26d96e892.exe	28

C:\Users\Admin\AppData\Local\Temp\5a2c5e4d0be6406b96b96ec26d96e892.exe
"C:\Users\Admin\AppData\Local\Temp\5a2c5e4d0be6406b96b96ec26d96e892.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\quqvjfw\mzhv.exe
  "C:\Program Files (x86)\quqvjfw\mzhv.exe"
  2⤵
  - Executes dropped EXE
  PID:1912

C:\Program Files (x86)\quqvjfw\mzhv.exe

Filesize
811KB

MD5
2ef14cfd7cbc57bb062ae69dd1e0c853

SHA1
0890fd6c4cf9ec603bf60a1a2b45b13d0606ed55

SHA256
a6745a17085744906fd68e54dde0d7c95adf5443bacbe494dab39905d62f4a4f

SHA512
fab2e24611e411687828634da4d3abff3d5dd8e1f69dc0b1f76932bcc292d8d1b5a1e07d447229064344006ccaa24d9a355164c6aec1cd2e18675dd0b2d7c877

Download Submit
\Program Files (x86)\quqvjfw\mzhv.exe

Filesize
1.2MB

MD5
d4c69f28495ff8caadfca1eaaf3f4bd8

SHA1
25f0727231f9cda20359fbbf41e584d291cec7ae

SHA256
9c9bf8ac1517632dc9cc23d71aaabbf298dab08d00e2e2563c7020b0e3a9a9dd

SHA512
86f2ff336a7d4a8fb7c9e75b5d326f393f8ae86a050a0e215ae572708f0e3d9970ec0d34ec4e66bfbc9f495cb6910c1df36b2d07ab7c718ea443af570fe9c78a

Download Submit
memory/1912-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1912-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2024-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2024-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2024-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download