65be2cbff3b128f04147da53e8d3dd618ecb8eed441c529034e17c844220bbda

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 13:11

Target

7771bd0d1e6ac8deb0fe1c70d6fb4fda.exe
Size

818KB
MD5

7771bd0d1e6ac8deb0fe1c70d6fb4fda
SHA1

fde5f614a3facc03900d1880be51f62c43d2fb7a
SHA256

65be2cbff3b128f04147da53e8d3dd618ecb8eed441c529034e17c844220bbda
SHA512

e9cef5903d6fbf9e9742244a2b0941faca1456d45d44a5a6c4a48eb9a0ddd5ad1ea91e3b60166597fbb5a970df02866aeca31345bb5e09f06c6c649b73616047
SSDEEP

24576:7zXKqa8SEijjC+37li6hPHGirn28Wh0gzkG:7z6qaakjC+3sZYQ0gzkG

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1904	pjph.exe

Loads dropped DLL 1 IoCs

pid	Process
1992	7771bd0d1e6ac8deb0fe1c70d6fb4fda.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\flop\pjph.exe	7771bd0d1e6ac8deb0fe1c70d6fb4fda.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1904	1992	7771bd0d1e6ac8deb0fe1c70d6fb4fda.exe	28
PID 1992 wrote to memory of 1904	1992	7771bd0d1e6ac8deb0fe1c70d6fb4fda.exe	28
PID 1992 wrote to memory of 1904	1992	7771bd0d1e6ac8deb0fe1c70d6fb4fda.exe	28
PID 1992 wrote to memory of 1904	1992	7771bd0d1e6ac8deb0fe1c70d6fb4fda.exe	28

C:\Users\Admin\AppData\Local\Temp\7771bd0d1e6ac8deb0fe1c70d6fb4fda.exe
"C:\Users\Admin\AppData\Local\Temp\7771bd0d1e6ac8deb0fe1c70d6fb4fda.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\flop\pjph.exe
  "C:\Program Files (x86)\flop\pjph.exe"
  2⤵
  - Executes dropped EXE
  PID:1904

C:\Program Files (x86)\flop\pjph.exe

Filesize
840KB

MD5
0fc71e0687bf47a5a06c1ea83bb7f2af

SHA1
b93be9c6d19ddcc8e3e7d63c349b111f519c4c5c

SHA256
266db365b2cff801038abbd117b7bcdc07fac3ab7817afb35a65cfdb52db9992

SHA512
27b4e09d31a68012feaa808d3d77ffbe0d4e31a7e7121b84ac59ffcf40982d7da29818622f0726072edebe6df1055860ffa56893c000cb6d43584b34d277dbe5

Download Submit
memory/1904-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1904-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1992-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1992-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1992-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1992-9-0x00000000004A0000-0x0000000000534000-memory.dmp

Filesize
592KB

Download