cfa3b2c498ee356b544e2300a3f31ebe7a094edbeae002c1cd5b516430df39fd

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 18:10

Target

8fd036f9d481a997bb61467a4779aef3.exe
Size

25KB
MD5

8fd036f9d481a997bb61467a4779aef3
SHA1

5b2e83382d9a5fb6e969eafb5207537e4d2a7b70
SHA256

cfa3b2c498ee356b544e2300a3f31ebe7a094edbeae002c1cd5b516430df39fd
SHA512

16bcdd1886c8bffe0c612ddaa78873a2a6f58e2517670448a34c12e39364fb6d6a38834624bfff08193430d232cbdd0b1c274d7e90dea5cb3fcfe6d1e006981e
SSDEEP

384:lUQsyfkfnWkm6bE6efml64x8Ryyn6f8bErYtub0t8EW/+ZYs2hf:lUWkfWT6bimAyg6kl00tBW/+T2h

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2376	svchost.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
948	8fd036f9d481a997bb61467a4779aef3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 2376	948	8fd036f9d481a997bb61467a4779aef3.exe	28
PID 948 wrote to memory of 2376	948	8fd036f9d481a997bb61467a4779aef3.exe	28
PID 948 wrote to memory of 2376	948	8fd036f9d481a997bb61467a4779aef3.exe	28
PID 948 wrote to memory of 2376	948	8fd036f9d481a997bb61467a4779aef3.exe	28

C:\Users\Admin\AppData\Local\Temp\8fd036f9d481a997bb61467a4779aef3.exe
"C:\Users\Admin\AppData\Local\Temp\8fd036f9d481a997bb61467a4779aef3.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  - Deletes itself
  PID:2376

memory/948-0-0x0000000000340000-0x00000000003F0000-memory.dmp

Filesize
704KB

Download
memory/948-2-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2376-3-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2376-4-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download