d87c5a2a6756dbc08413254d283e17269b6ce007bd2836ab6288a6ae2c7144f2

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 20:23

Target

denick.exe
Size

6.2MB
MD5

48c7f9194439e39004e1d7522d155e2e
SHA1

6d84d90b4352c1c90c4427b9f6219771b282d019
SHA256

d87c5a2a6756dbc08413254d283e17269b6ce007bd2836ab6288a6ae2c7144f2
SHA512

826d7fd1cb5d63c088a516eb629e962a6748339d1b57be8f089265ab8a7b7de3f8093477d56fd9ef6536cb8868f380294368176685948a5d0b4cc779a1b761c2
SSDEEP

196608:R9+wZjL2Vmd6+D3c/f/+ScEjU+f5D1kKne:GcL2Vmd6m3c/eMUQ5x5e

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2724	denick.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2724	2132	denick.exe	29
PID 2132 wrote to memory of 2724	2132	denick.exe	29
PID 2132 wrote to memory of 2724	2132	denick.exe	29

C:\Users\Admin\AppData\Local\Temp\denick.exe
"C:\Users\Admin\AppData\Local\Temp\denick.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\denick.exe
  "C:\Users\Admin\AppData\Local\Temp\denick.exe"
  2⤵
  - Loads dropped DLL
  PID:2724

C:\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll

Filesize
507KB

MD5
22c8bb3d32c075629ec3cc0ebe71a20f

SHA1
fc2187ae09f6fde2c005b91800c1f33a69b8b0be

SHA256
180a5c6dbf3728c5b08e599fa1e4323bac55e0d71b61543c10a3da70fabcf6a0

SHA512
a4b64cb57b8b62012aa9625ae5439ced5e411754f6daeda6f214d5184488cff4c35e9e47fabc394558e712a6cb4cf295de441ca4c535f6019ef798cb2ae32c37

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit