5d0872d07c6837dbc3bfa85fd8f79da3d83d7bb7504a6de7305833090b214f2c

Analysis

max time kernel
143s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 06:30

Target

8e744f7b07484afcf87c454c6292e944.exe
Size

141KB
MD5

8e744f7b07484afcf87c454c6292e944
SHA1

da845d8219d3315c02f84c27094965d02cdaa76c
SHA256

5d0872d07c6837dbc3bfa85fd8f79da3d83d7bb7504a6de7305833090b214f2c
SHA512

7aa203396d776966e12e262290ce0c95e542b19df7e3f38f1dbfb6282e5bfa0f0a26ccb63ab6c4590f1895bcfad9e5db0007fd5e3b28e0d34f9e62addf1759f0
SSDEEP

3072:JMctdLnq6BXXc8wC+4a0qA15JvZRqQVRjK6bY5:iciRYBZwQ3W+I

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2408	ssvagent.exe

Loads dropped DLL 2 IoCs

pid	Process
2372	8e744f7b07484afcf87c454c6292e944.exe
2408	ssvagent.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2372	2208	8e744f7b07484afcf87c454c6292e944.exe	28
PID 2208 wrote to memory of 2372	2208	8e744f7b07484afcf87c454c6292e944.exe	28
PID 2208 wrote to memory of 2372	2208	8e744f7b07484afcf87c454c6292e944.exe	28
PID 2208 wrote to memory of 2372	2208	8e744f7b07484afcf87c454c6292e944.exe	28
PID 2372 wrote to memory of 2408	2372	8e744f7b07484afcf87c454c6292e944.exe	29
PID 2372 wrote to memory of 2408	2372	8e744f7b07484afcf87c454c6292e944.exe	29
PID 2372 wrote to memory of 2408	2372	8e744f7b07484afcf87c454c6292e944.exe	29
PID 2372 wrote to memory of 2408	2372	8e744f7b07484afcf87c454c6292e944.exe	29

C:\Users\Admin\AppData\Local\Temp\8e744f7b07484afcf87c454c6292e944.exe
"C:\Users\Admin\AppData\Local\Temp\8e744f7b07484afcf87c454c6292e944.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\8e744f7b07484afcf87c454c6292e944.exe
  C:\Users\Admin\AppData\Local\Temp\8e744f7b07484afcf87c454c6292e944.exe
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\ProgramData\Apacha\ssvagent.exe
    "C:\\ProgramData\\Apacha\\ssvagent.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2408

\ProgramData\Apacha\MSVCR110.dll

Filesize
11KB

MD5
e9452a11d861b7ac39f2a509ebdd2c6f

SHA1
dfd4c2b1a4c00c8f123690d6e9bbb6b79c1fccda

SHA256
cff71b69e36cd552ab2eb9bc605269bb6859ddaff2151d1361b0306b922f8a0f

SHA512
f2a1a6c33c4e7b664235173a009e81a63a5cb715721d2449ccfc20fdb18cf24830024b5e5524bc89f2e15afe59fbc853c285b844840dbe06ac23b7c064fc4a3c

Download Submit
\ProgramData\Apacha\ssvagent.exe

Filesize
33KB

MD5
a1b2e0c69badd759742f17d5b73c44d2

SHA1
f1c57afb1cdd8a606e3803d66c859f8899b63152

SHA256
cd7d5ffe6d6e5886a124a0888e38402b32c9026ae209656995c0785194316bc4

SHA512
37494c1756fa3953c334cc71e427c05533f8b00ccb8ad001ace812df04680602c6130372efee8c69043a791d4a592ab32e1cb5d6af039e4fab0574776089c5c7

Download Submit