e880a704db106a1c4ab31c24c568f398ab9f4d3608c09c5ba2ff4ec00a249c80

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 05:29

Target

9adf86edcd428ad104d1fd5044214943.exe
Size

748KB
MD5

9adf86edcd428ad104d1fd5044214943
SHA1

7ec05e179514197e4a21603cb5e042ce8845a741
SHA256

e880a704db106a1c4ab31c24c568f398ab9f4d3608c09c5ba2ff4ec00a249c80
SHA512

4db03e3ca6246cd3312d5b1a6da80f2ffee7afbe333358bb5b5a01aab2a4077bb863a1e63d6253a5987f3865d3cfa0ef5b63f166416f8442d509f77516f289a7
SSDEEP

12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJLDl164NkCadqvgnZ4zTOAOYSfieFXQCHv:7zXKqa8SEijjC+37li4daoInr1YSfi6P

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1736	walu.exe

Loads dropped DLL 1 IoCs

pid	Process
2100	9adf86edcd428ad104d1fd5044214943.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\epkzfdzmb\walu.exe	9adf86edcd428ad104d1fd5044214943.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1736	2100	9adf86edcd428ad104d1fd5044214943.exe	28
PID 2100 wrote to memory of 1736	2100	9adf86edcd428ad104d1fd5044214943.exe	28
PID 2100 wrote to memory of 1736	2100	9adf86edcd428ad104d1fd5044214943.exe	28
PID 2100 wrote to memory of 1736	2100	9adf86edcd428ad104d1fd5044214943.exe	28

C:\Users\Admin\AppData\Local\Temp\9adf86edcd428ad104d1fd5044214943.exe
"C:\Users\Admin\AppData\Local\Temp\9adf86edcd428ad104d1fd5044214943.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files (x86)\epkzfdzmb\walu.exe
  "C:\Program Files (x86)\epkzfdzmb\walu.exe"
  2⤵
  - Executes dropped EXE
  PID:1736

\Program Files (x86)\epkzfdzmb\walu.exe

Filesize
773KB

MD5
dff0f16199f4774ca2fc0eef4939530b

SHA1
cc3a67e6256ed0c44f3346e9634fcd918afbd093

SHA256
d1080f36d4a7d8a83cd0071796a975f57759c8d1b8e108bc1035d5f7e0446d40

SHA512
1451542d01848c421d7e800be8ee3a7815ab7a64c5b877018689915df868d0a1ba6c30c49e710511dc82b49676682b4aebb48574a3c3d1c56081b3f331aee4fa

Download Submit
memory/1736-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1736-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1736-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2100-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2100-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2100-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download