f16ca2056d872f1cae446a151e057fe1d5744f6f26889881050f254008c5a5b4

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20-01-2024 20:00

Target

ghdfg64.exe
Size

14.4MB
MD5

0dc7d0b6fd6bd2e157f3be4b6b20fe4d
SHA1

5784f5beb1cd3b5aa222aaf0484c52547d5759a5
SHA256

f16ca2056d872f1cae446a151e057fe1d5744f6f26889881050f254008c5a5b4
SHA512

8274ba73140c6c1b7005ae3fbc84f320e1e7181d12507518ba8a6854d02ceeecfca314378c8247e9bc30c85ecd4f159e15774f5fa2f8362a5911c14fd3c69160
SSDEEP

393216:qiIE7YoPQPdQuslSq99oWOv+9fg/kMeTl2Y:T7rPQPdQuSDorvSY/k/l

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2628	ghdfg64.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2628	1740	ghdfg64.exe	28
PID 1740 wrote to memory of 2628	1740	ghdfg64.exe	28
PID 1740 wrote to memory of 2628	1740	ghdfg64.exe	28

C:\Users\Admin\AppData\Local\Temp\ghdfg64.exe
"C:\Users\Admin\AppData\Local\Temp\ghdfg64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\ghdfg64.exe
  "C:\Users\Admin\AppData\Local\Temp\ghdfg64.exe"
  2⤵
  - Loads dropped DLL
  PID:2628

C:\Users\Admin\AppData\Local\Temp\_MEI17402\python310.dll

Filesize
3.9MB

MD5
bc22165e956bb639948df10549293f69

SHA1
29f768ce6a214b97c3f3ef53bd96b106e8458c60

SHA256
e5d85210f8a83ab227cdf8151e8d25a3ef9eeac08165f9b89eed7452f4638d3c

SHA512
7b14a1c459e6747b39259596c567fcfcea7f94ce67eb3cd2cec7dbdd84f8a96a23d2fcce3807da6276adea3e34095e7224ca52d0637f9040664dffba002048bf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17402\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit