f4d23ab6ba5830822b4bbe16bd3e162669b5b01a86235ef29d7c1ee6a953a475

Analysis

max time kernel
41s
max time network
18s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 20:32

Target

TDRB.exe
Size

8.8MB
MD5

ece938da04c98c2f8b46a873b67fd0a7
SHA1

30d793d577a87f77e8c71d10f3c66d1b4fa34bf1
SHA256

f4d23ab6ba5830822b4bbe16bd3e162669b5b01a86235ef29d7c1ee6a953a475
SHA512

1cd4373c08fdaa469464240e75ea3eafff1f9da8429c97ac3e39009abe2c2e79b64cfb5f1c8617aa39df4adc8b51c42f8f83fe3baff828fe7491b7872e3a26fc
SSDEEP

196608:vfOMfHd2H5NDil9LgQY7dQmRJ8dA6lAIkaqdVTk2L8AebLsnk:Oc9QDD5dQuslAIwdcuk

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2892	TDRB.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2892	2780	TDRB.exe	29
PID 2780 wrote to memory of 2892	2780	TDRB.exe	29
PID 2780 wrote to memory of 2892	2780	TDRB.exe	29

C:\Users\Admin\AppData\Local\Temp\TDRB.exe
"C:\Users\Admin\AppData\Local\Temp\TDRB.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Users\Admin\AppData\Local\Temp\TDRB.exe
  "C:\Users\Admin\AppData\Local\Temp\TDRB.exe"
  2⤵
  - Loads dropped DLL
  PID:2892

C:\Users\Admin\AppData\Local\Temp\_MEI27802\python310.dll

Filesize
4.3MB

MD5
342ba224fe440b585db4e9d2fc9f86cd

SHA1
bfa3d380231166f7c2603ca89a984a5cad9752ab

SHA256
cdb8158dcf4f10517bd73e1334fc354fd98180d4455f29e3df2b0aa699fa2432

SHA512
daa990ff3770a39b778f672f2596ab4050bff9b16bb2222e5712327df82d18f39ac5100e3b592a5db9e88302e6e94c06881fbf61431e7670ff287f7f222254c1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27802\python310.dll

Filesize
3.8MB

MD5
286e224818aabed79cc7fbbf06e70c05

SHA1
6c6e51e62f2c0112f6d83024d047214d0e62423b

SHA256
4a478c8f65ea371190f4cd7969d51449ea3ca729e1dc0b8c0c9a45190347a8f2

SHA512
4e1cd88dd4a2de13055395ef1ba41934cddb2e3b45935061fff2f5a2a82e26e771de2d35b42838e192b29eb1d5307bf83f3ca1163809d9418769ad8b524f99df

Download Submit