6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 14:58

Target

6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19.exe
Size

100KB
MD5

86134e6029ca8ef5671ddd6611b8c554
SHA1

045007b8b8c25bf082b1026fca6a95196d4432c9
SHA256

6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19
SHA512

29ae3afed735143bd66e87f5cd36b964c38541191e1761feaeff16488225ce2e14b6e307bb1d31563bbdd7fd10b405e4ed22185f19e00dc8dea51f3d0f2d8923
SSDEEP

768:W7nkhCphZkSwprRN8tdhin4ak/4LojJRisR5bGJEY8ogXKCC6FQxBDGO+T5/Qcw9:+pbQrTCaU4miBEZoa8y4BgucZu

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
2432	smss.exe
2576	smss.exe

Loads dropped DLL 2 IoCs

pid	Process
2920	cmd.exe
2920	cmd.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system\smss.exe	6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19.exe
File created	C:\Windows\system\smss.exe	6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 2920	880	6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19.exe	28
PID 880 wrote to memory of 2920	880	6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19.exe	28
PID 880 wrote to memory of 2920	880	6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19.exe	28
PID 880 wrote to memory of 2920	880	6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19.exe	28
PID 2920 wrote to memory of 2432	2920	cmd.exe	30
PID 2920 wrote to memory of 2432	2920	cmd.exe	30
PID 2920 wrote to memory of 2432	2920	cmd.exe	30
PID 2920 wrote to memory of 2432	2920	cmd.exe	30

C:\Windows\system\smss.exe
C:\Windows\system\smss.exe
1⤵
- Executes dropped EXE
PID:2576

C:\Windows\system\smss.exe

Filesize
100KB

MD5
86134e6029ca8ef5671ddd6611b8c554

SHA1
045007b8b8c25bf082b1026fca6a95196d4432c9

SHA256
6edab3de0a372dc72fdc2c79bc1eefaf0a93968715417b5dab666375852aee19

SHA512
29ae3afed735143bd66e87f5cd36b964c38541191e1761feaeff16488225ce2e14b6e307bb1d31563bbdd7fd10b405e4ed22185f19e00dc8dea51f3d0f2d8923

Download Submit
memory/880-11-0x0000000014000000-0x0000000014020000-memory.dmp

Filesize
128KB

Download
memory/880-12-0x0000000014000000-0x0000000014020000-memory.dmp

Filesize
128KB

Download
memory/2432-17-0x0000000014000000-0x0000000014020000-memory.dmp

Filesize
128KB

Download
memory/2432-20-0x0000000014000000-0x0000000014020000-memory.dmp

Filesize
128KB

Download
memory/2576-19-0x0000000014000000-0x0000000014020000-memory.dmp

Filesize
128KB

Download
memory/2576-21-0x0000000014000000-0x0000000014020000-memory.dmp

Filesize
128KB

Download