3fe5a4c91a9aaa512e3ad94fada750ee34eeb97d602368dd5edd97aa55a98361

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 12:37

Target

text.scr
Size

76KB
MD5

9f273fb9b89bcaecc09740a08bb323f0
SHA1

e30028f0924770ce4ace3ab6360b7b79025f3356
SHA256

1b6ae6137baf03eaf2be42d5591381f2fe84d13111be5dd5b8d75dbfbfbc283f
SHA512

edd5777e4cc7249271d67eef40b8f89365725a23cbd0d2e12ba936738554302d4b6db1d9c7775ae999970ca21de90f17d47343e57bf26731009ffe3865494ade
SSDEEP

768:KhrjraNxlczzRHJ63AtecEoDecpJpDnxf6OC0conu4IO7migLV7NMDoLCSSSSSSr:KtOPSbjxlpfrgonuWmvntS

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1704	taskgmrr.exe

Loads dropped DLL 2 IoCs

pid	Process
2052	text.scr
2052	text.scr

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\taskgmrr.exe	text.scr
File opened for modification	C:\Windows\SysWOW64\taskgmrr.exe	text.scr

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1704	2052	text.scr	28
PID 2052 wrote to memory of 1704	2052	text.scr	28
PID 2052 wrote to memory of 1704	2052	text.scr	28
PID 2052 wrote to memory of 1704	2052	text.scr	28

C:\Users\Admin\AppData\Local\Temp\text.scr
"C:\Users\Admin\AppData\Local\Temp\text.scr" /S
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\taskgmrr.exe
  C:\Windows\system32\taskgmrr.exe
  2⤵
  - Executes dropped EXE
  PID:1704

\Windows\SysWOW64\taskgmrr.exe

Filesize
76KB

MD5
9f273fb9b89bcaecc09740a08bb323f0

SHA1
e30028f0924770ce4ace3ab6360b7b79025f3356

SHA256
1b6ae6137baf03eaf2be42d5591381f2fe84d13111be5dd5b8d75dbfbfbc283f

SHA512
edd5777e4cc7249271d67eef40b8f89365725a23cbd0d2e12ba936738554302d4b6db1d9c7775ae999970ca21de90f17d47343e57bf26731009ffe3865494ade

Download Submit
memory/1704-10-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2052-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2052-9-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2052-11-0x0000000000220000-0x0000000000244000-memory.dmp

Filesize
144KB

Download