3edd56e43e77b1cd5f7bf771489b5fcb9bbd99972dbb1ab4bb44ee039a3d168c

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 17:34

Target

77f6555bde14a8a65bcc6b978785b1fc.exe
Size

44KB
MD5

77f6555bde14a8a65bcc6b978785b1fc
SHA1

486bd2cf73db57f9dd7c575d68f51e63b8bfeed9
SHA256

3edd56e43e77b1cd5f7bf771489b5fcb9bbd99972dbb1ab4bb44ee039a3d168c
SHA512

a34a95e3aea14fbb3d399da51840e04334f9bb889050de56d15f48ddf47fb74e8aee83f74211df7bd932c557e2e819f7f4aacf43728970aab8a23bc5e5fe71a0
SSDEEP

768:TaLTKqrOyv4qqeN43msxy4WYU8WCsW+SOoOSm3dh8UZlhP/2DX8tltfi:TwTKgfHd+tJU87CSzm3/ZfGr8tm

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1512	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
792	sdiderij.exe

Loads dropped DLL 2 IoCs

pid	Process
2332	77f6555bde14a8a65bcc6b978785b1fc.exe
2332	77f6555bde14a8a65bcc6b978785b1fc.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2332	77f6555bde14a8a65bcc6b978785b1fc.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 792	2332	77f6555bde14a8a65bcc6b978785b1fc.exe	31
PID 2332 wrote to memory of 792	2332	77f6555bde14a8a65bcc6b978785b1fc.exe	31
PID 2332 wrote to memory of 792	2332	77f6555bde14a8a65bcc6b978785b1fc.exe	31
PID 2332 wrote to memory of 792	2332	77f6555bde14a8a65bcc6b978785b1fc.exe	31
PID 2332 wrote to memory of 1512	2332	77f6555bde14a8a65bcc6b978785b1fc.exe	32
PID 2332 wrote to memory of 1512	2332	77f6555bde14a8a65bcc6b978785b1fc.exe	32
PID 2332 wrote to memory of 1512	2332	77f6555bde14a8a65bcc6b978785b1fc.exe	32
PID 2332 wrote to memory of 1512	2332	77f6555bde14a8a65bcc6b978785b1fc.exe	32

C:\Users\Admin\AppData\Local\Temp\77f6555bde14a8a65bcc6b978785b1fc.exe
"C:\Users\Admin\AppData\Local\Temp\77f6555bde14a8a65bcc6b978785b1fc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2332
- C:\ProgramData\ulcnepwz\sdiderij.exe
  C:\ProgramData\ulcnepwz\sdiderij.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\SysWOW64\cmd.exe
  /c del /f C:\Users\Admin\AppData\Local\Temp\77F655~1.EXE.bak >> NUL
  2⤵
  - Deletes itself
  PID:1512

\ProgramData\ulcnepwz\sdiderij.exe

Filesize
44KB

MD5
77f6555bde14a8a65bcc6b978785b1fc

SHA1
486bd2cf73db57f9dd7c575d68f51e63b8bfeed9

SHA256
3edd56e43e77b1cd5f7bf771489b5fcb9bbd99972dbb1ab4bb44ee039a3d168c

SHA512
a34a95e3aea14fbb3d399da51840e04334f9bb889050de56d15f48ddf47fb74e8aee83f74211df7bd932c557e2e819f7f4aacf43728970aab8a23bc5e5fe71a0

Download Submit