4c0d48ff721832ae43b4a2f619e1ed4205bb96d6aaf40825ebb243a7648e5386

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 18:37

Target

8a3f506a108be81d74d47d319200c7ce.exe
Size

947KB
MD5

8a3f506a108be81d74d47d319200c7ce
SHA1

8ea4901d55a2dbfdb8f9f1c2bb17f9903438ad73
SHA256

4c0d48ff721832ae43b4a2f619e1ed4205bb96d6aaf40825ebb243a7648e5386
SHA512

c43cbc9717bf1a654d5b9f1462d9aa952f92ed8a96eac8e21e9d4d2bb31a7e38338443181d944951c0c16c301d99cdcb867ae49adedb87bdb5d67ceb178c76fe
SSDEEP

24576:dgdhhQGGniba/WPpuvlBEaneHueYQFSMPPoqqWEsS:dqj5s8+elYQFSMPPgoS

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2668	d.exe

Loads dropped DLL 1 IoCs

pid	Process
1724	8a3f506a108be81d74d47d319200c7ce.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\cu\d.exe	8a3f506a108be81d74d47d319200c7ce.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2668	1724	8a3f506a108be81d74d47d319200c7ce.exe	28
PID 1724 wrote to memory of 2668	1724	8a3f506a108be81d74d47d319200c7ce.exe	28
PID 1724 wrote to memory of 2668	1724	8a3f506a108be81d74d47d319200c7ce.exe	28
PID 1724 wrote to memory of 2668	1724	8a3f506a108be81d74d47d319200c7ce.exe	28

C:\Users\Admin\AppData\Local\Temp\8a3f506a108be81d74d47d319200c7ce.exe
"C:\Users\Admin\AppData\Local\Temp\8a3f506a108be81d74d47d319200c7ce.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\cu\d.exe
  "C:\Program Files (x86)\cu\d.exe"
  2⤵
  - Executes dropped EXE
  PID:2668

C:\Program Files (x86)\cu\d.exe

Filesize
555KB

MD5
067d54999d1f00b23a17bbfd00abcb9e

SHA1
2220d5add7b99470717d7f5c2c3e46736d14d845

SHA256
545791f8a33ef5fc6722a5e08d0794d5877e29e38cd6d90a1bad9d39dccb71d9

SHA512
80ec6177d10715660c2d947faa861f97fb2c99b2269656c316889accd3cdd0b400a080e93f02d7b7e4e7bf4d49944cc96a5da3d35c5858a2711a710b12a77e00

Download Submit
\Program Files (x86)\cu\d.exe

Filesize
536KB

MD5
4676bbad82a0b9ba2a36c6da1bbfe424

SHA1
e196a8ccb54190be07b73f4f36fb2055f0165530

SHA256
176240bd5f99cd8e52b58d11d8881b584a416a5292dc32f8a6a89f4a3fa76b1c

SHA512
9958e1bf64cd2546b970c052f882b7872f20ceda1ad8f837147744b798e59d85a0c4494092f5aa84432dccd78c829cc5cc985bc781e953c7900d33e07c320279

Download Submit
memory/1724-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2668-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download