48227214cfe67bda9e5512e349d3faa6865aa7a341928fa72b492d9d494edf5b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 02:04

Target

7128202f199e0742463c0a8c120631b7.exe
Size

1.3MB
MD5

7128202f199e0742463c0a8c120631b7
SHA1

216b7b784e30e1e5d9a8551c449ce6aab42098c3
SHA256

48227214cfe67bda9e5512e349d3faa6865aa7a341928fa72b492d9d494edf5b
SHA512

8e396f8acf1652f79f3f4b594916a953eaac8fcb3d4d0f9e426ad187362f8507269f6dedac701e5dac3e40c957b840aedd59717e6d08170631d5b55c4020bfc3
SSDEEP

24576:qKeyxTAJj7PZFK30B3I9ILWDdhV1uBKqu/PJCBrxF/1vvz6tDj:qKeyRAwEB3w7DbuBK18xF/1vvz6x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2344	wbnbeuhwcqqm.exe

Loads dropped DLL 1 IoCs

pid	Process
1988	7128202f199e0742463c0a8c120631b7.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\qvaimblsw\wbnbeuhwcqqm.exe	7128202f199e0742463c0a8c120631b7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2344	1988	7128202f199e0742463c0a8c120631b7.exe	28
PID 1988 wrote to memory of 2344	1988	7128202f199e0742463c0a8c120631b7.exe	28
PID 1988 wrote to memory of 2344	1988	7128202f199e0742463c0a8c120631b7.exe	28
PID 1988 wrote to memory of 2344	1988	7128202f199e0742463c0a8c120631b7.exe	28

C:\Users\Admin\AppData\Local\Temp\7128202f199e0742463c0a8c120631b7.exe
"C:\Users\Admin\AppData\Local\Temp\7128202f199e0742463c0a8c120631b7.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files (x86)\qvaimblsw\wbnbeuhwcqqm.exe
  "C:\Program Files (x86)\qvaimblsw\wbnbeuhwcqqm.exe"
  2⤵
  - Executes dropped EXE
  PID:2344

C:\Program Files (x86)\qvaimblsw\wbnbeuhwcqqm.exe

Filesize
1.4MB

MD5
5921f9e36e40172a75dad3bec454b391

SHA1
49e576f46cb5796297d88e9564e8739aa17ff2d0

SHA256
d20199a206a48d6e6ea2e43545b99114e243b4c60ecb6db213257dc05a3d490a

SHA512
aac400340283988c21d5a15d3c5d0e0bf5aa85c491d9f723537db90605f38b099e5d0db3054ee1bf1c30bebe2b394470eb30a4ee81485f6d39fb946aae523fe8

Download Submit
memory/1988-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1988-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1988-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1988-6-0x0000000001DF0000-0x0000000001E84000-memory.dmp

Filesize
592KB

Download
memory/2344-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2344-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download