e63d80572285e3c143f772acb811520bc52073cbab3e136002cc34e14f90a4c8

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 02:15

Target

87ba15a2e95b9fd6702242f65a094b87.exe
Size

965KB
MD5

87ba15a2e95b9fd6702242f65a094b87
SHA1

26e30cf9e81647295c09bb72edbc5ab5951f6507
SHA256

e63d80572285e3c143f772acb811520bc52073cbab3e136002cc34e14f90a4c8
SHA512

e8ae9fd05003382954c54536d1311de40588e704a625f66386a0b1eca7840258f8fb0558e3d2091b3335b51e60ae0a28204b7c76f608436e00b5e1897e3f2f07
SSDEEP

24576:qKeyxTAJj7P+yW6mc1YCwuv6ez8quGqYXOnfTjGlsV+:qKeyRA0y9fWCw28Men7jG5

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2168	bbaszln.exe

Loads dropped DLL 1 IoCs

pid	Process
532	87ba15a2e95b9fd6702242f65a094b87.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wlbnpekr\bbaszln.exe	87ba15a2e95b9fd6702242f65a094b87.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 2168	532	87ba15a2e95b9fd6702242f65a094b87.exe	28
PID 532 wrote to memory of 2168	532	87ba15a2e95b9fd6702242f65a094b87.exe	28
PID 532 wrote to memory of 2168	532	87ba15a2e95b9fd6702242f65a094b87.exe	28
PID 532 wrote to memory of 2168	532	87ba15a2e95b9fd6702242f65a094b87.exe	28

C:\Users\Admin\AppData\Local\Temp\87ba15a2e95b9fd6702242f65a094b87.exe
"C:\Users\Admin\AppData\Local\Temp\87ba15a2e95b9fd6702242f65a094b87.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:532
- C:\Program Files (x86)\wlbnpekr\bbaszln.exe
  "C:\Program Files (x86)\wlbnpekr\bbaszln.exe"
  2⤵
  - Executes dropped EXE
  PID:2168

C:\Program Files (x86)\wlbnpekr\bbaszln.exe

Filesize
978KB

MD5
34f0dba26622af2116ebc6164c7ea6ec

SHA1
1dde54583b9980fb5f1be0f2e8ab746e0745451d

SHA256
0dc6f8d1aaae5ef24fc8baaddbbcf398c8b4671b67f0e4a60e790a0a31bdfb6a

SHA512
cec96675e910adc8ca0519e35118fd84ced386955e4a9bffa7f3cc7dcac2ecd23914a5ae4188d88c0682590cfe45fe5d31b08784c351896033ea362327a7b8cf

Download Submit
memory/532-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/532-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/532-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/532-7-0x00000000007F0000-0x0000000000884000-memory.dmp

Filesize
592KB

Download
memory/532-11-0x00000000007F0000-0x0000000000884000-memory.dmp

Filesize
592KB

Download
memory/2168-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2168-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download