9c56f99fa857c08edd11edfd006572fef3caaa43e05c5f7467673ac32f259714

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 12:44

Target

7764058ce508b410a9fa210a77c03b63.exe
Size

88KB
MD5

7764058ce508b410a9fa210a77c03b63
SHA1

c85eef5b94ddca97719e69631de10ad3c88cfa92
SHA256

9c56f99fa857c08edd11edfd006572fef3caaa43e05c5f7467673ac32f259714
SHA512

95fbad75e66c44fd3519b57b18f518468137443a23bb9db1d5d2dfecec28bcee3becf94a6bf36343d8d39dd9fd17cb47cac6edb3754773d38e5fe876df18f4f7
SSDEEP

1536:qf5rVaW+1tSeeHwdQ2w/f7MJzRU60WUiZ8gRZJosvl6bRnhFZG:qf5cavHwdQ2wro30AZ8GM66bRnhFZG

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2460	cmd.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\java\AFF995DC4281.dll	7764058ce508b410a9fa210a77c03b63.exe
File created	C:\Windows\java\AFF995DC4281.exe	7764058ce508b410a9fa210a77c03b63.exe
File opened for modification	C:\Windows\java\AFF995DC4281.exe	7764058ce508b410a9fa210a77c03b63.exe
File created	C:\Windows\1.bat	7764058ce508b410a9fa210a77c03b63.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 2460	760	7764058ce508b410a9fa210a77c03b63.exe	28
PID 760 wrote to memory of 2460	760	7764058ce508b410a9fa210a77c03b63.exe	28
PID 760 wrote to memory of 2460	760	7764058ce508b410a9fa210a77c03b63.exe	28
PID 760 wrote to memory of 2460	760	7764058ce508b410a9fa210a77c03b63.exe	28

C:\Users\Admin\AppData\Local\Temp\7764058ce508b410a9fa210a77c03b63.exe
"C:\Users\Admin\AppData\Local\Temp\7764058ce508b410a9fa210a77c03b63.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\1.bat
  2⤵
  - Deletes itself
  PID:2460

C:\Windows\1.bat

Filesize
184B

MD5
479c5525ac94f6d4e5836f0e7d42ee5b

SHA1
582f584797d1f7cb614471e1c621520ffd303731

SHA256
e5d67712680154d5e11901b38e83e3d22bc3e3ece37fac1cf0f5d60ad85bb983

SHA512
d83268c7bcb8ff9e1c0d728c88f8a2fa6361da1ad271af1b4d45bc61af0a9ee3142c49da3468facf08f4a45ec339d97aa51e60e0361dc4f5286f8b891e8727f6

Download Submit
memory/760-0-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/760-8-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download