531a784de4255cc3567f49bb90bfee737f793bd3e35d1b00ea9cea49e2b7adb6

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 01:30

Target

8b0a6485dadb1894875b00c8010e0550.exe
Size

92KB
MD5

8b0a6485dadb1894875b00c8010e0550
SHA1

e7db2a3c1323fbac1540a8ca45a56df0931d24ab
SHA256

531a784de4255cc3567f49bb90bfee737f793bd3e35d1b00ea9cea49e2b7adb6
SHA512

dfdf82b481fc5407a8d7524a00c7e9a8cbce854163cf7fb98240f851d161bc121ac4af88efcadfe0ca1129524b25070eb1355bfc9b3f988ba26e904880c187d0
SSDEEP

1536:YfsRrCqzTIg692VvSWfn2aMnlr2Z2Z7YGK/+GN:YfsRJR69WvVfn2a8lw0KBN

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1208	1.exe-crypted.exe.ucc.exe

Loads dropped DLL 2 IoCs

pid	Process
2060	8b0a6485dadb1894875b00c8010e0550.exe
2060	8b0a6485dadb1894875b00c8010e0550.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1208	1.exe-crypted.exe.ucc.exe
1208	1.exe-crypted.exe.ucc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2060	8b0a6485dadb1894875b00c8010e0550.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 1208	2060	8b0a6485dadb1894875b00c8010e0550.exe	28
PID 2060 wrote to memory of 1208	2060	8b0a6485dadb1894875b00c8010e0550.exe	28
PID 2060 wrote to memory of 1208	2060	8b0a6485dadb1894875b00c8010e0550.exe	28
PID 2060 wrote to memory of 1208	2060	8b0a6485dadb1894875b00c8010e0550.exe	28
PID 1208 wrote to memory of 1076	1208	1.exe-crypted.exe.ucc.exe	14
PID 1208 wrote to memory of 1076	1208	1.exe-crypted.exe.ucc.exe	14
PID 1208 wrote to memory of 1076	1208	1.exe-crypted.exe.ucc.exe	14
PID 1208 wrote to memory of 1076	1208	1.exe-crypted.exe.ucc.exe	14
PID 1208 wrote to memory of 1076	1208	1.exe-crypted.exe.ucc.exe	14
PID 1208 wrote to memory of 1076	1208	1.exe-crypted.exe.ucc.exe	14

\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe

Filesize
28KB

MD5
781b2b39db867ac8f2d3fb186b2f092b

SHA1
5e6f963bcf788e6301ace9a639d59c3091f05a6c

SHA256
ee39c328fe46eb0721fa0e0c72d0db22c5cf284aa28f3df6a8e4120a7c33257c

SHA512
c565d51a20b065292cad3202ef38ada12a50d0030eb3b2f51771d3f4a1bba92133dc739e18d11ae7bc1a8cd7ef1833e9136469144921ed250bdc463926612e73

Download Submit
memory/1076-21-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1076-27-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/1208-18-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1208-20-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1208-39-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2060-11-0x0000000000340000-0x0000000000349000-memory.dmp

Filesize
36KB

Download