15c00dab4ca1f005a9fa6d959607de657f9f246aee66f2cf49afb5c250857918

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 05:37

Target

9ae45dcb27305be30bd72a19d15d6729.exe
Size

10KB
MD5

9ae45dcb27305be30bd72a19d15d6729
SHA1

8f220f50c28ff0ee384dfbec2e0a0abd4d47387c
SHA256

15c00dab4ca1f005a9fa6d959607de657f9f246aee66f2cf49afb5c250857918
SHA512

7e881cd73bc407a40702932da08088b971a09b055560fb7cfe54e25812d3506dc9ad311f7fa28dca40bf390441102a50589e4e4a2f2073ab6de2794d5e313b18
SSDEEP

192:5i1csjFCkiTRaC/5AFH2fHSCGOZ6kJNK7h7gr74Pi9H0pRal:bacJjfyCBdadyb0pRm

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2756	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2052	serve.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\serve.exe	9ae45dcb27305be30bd72a19d15d6729.exe
File created	C:\WINDOWS\SysWOW64\MSetole.dll	9ae45dcb27305be30bd72a19d15d6729.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2756	3028	9ae45dcb27305be30bd72a19d15d6729.exe	29
PID 3028 wrote to memory of 2756	3028	9ae45dcb27305be30bd72a19d15d6729.exe	29
PID 3028 wrote to memory of 2756	3028	9ae45dcb27305be30bd72a19d15d6729.exe	29
PID 3028 wrote to memory of 2756	3028	9ae45dcb27305be30bd72a19d15d6729.exe	29

C:\Users\Admin\AppData\Local\Temp\9ae45dcb27305be30bd72a19d15d6729.exe
"C:\Users\Admin\AppData\Local\Temp\9ae45dcb27305be30bd72a19d15d6729.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\cmd.exe
  cmd /c afc9fe2f418b00a0.bat
  2⤵
  - Deletes itself
  PID:2756

C:\Windows\SysWOW64\serve.exe
C:\Windows\SysWOW64\serve.exe
1⤵
- Executes dropped EXE
PID:2052

C:\Users\Admin\AppData\Local\Temp\afc9fe2f418b00a0.bat

Filesize
2KB

MD5
d6a8bcb5f5d83c8ff2d5b9e676bba570

SHA1
2154f79bc6db3fc84bf3dfb2a73eeb100e3411fe

SHA256
63b38bba8584c03fa29d28dfd4fcedd869fa1526c457cb9a64ad79f5101a5bd5

SHA512
aceb09ec9f1af39dd252b32b2a8b1530229029bb8647e9544526fd2d59c5ed7ecbc6e9a42517cf6004a47941eff7953b5516290d5d5b41517e7a237c69a1ea29

Download Submit
C:\Windows\SysWOW64\serve.exe

Filesize
16KB

MD5
1a69c3b2008d38c33061adbb59bfa141

SHA1
61642fafbf80a084038bfde59622919ac81a9804

SHA256
4d90bd1a59d2d2d7ef47b05bde957f0d4349b723cbe949849ce7b3e68d41715d

SHA512
0ef4af5cada08cf0abd6a3b0172492ad1b86269dcb23937a9e97436d5b2104d4b1b8ddfa3d380bf46e0edbe25a0e07e17b77c44cf1b8462e9eabab6d8f821d22

Download Submit