60b6e52bee9cbcdd78b4a14ecb4eeaacc06cf240c13f4048784d7005381aad12

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 22:11

Target

a0770cd6ce00085fd442ec5afcf194fc.exe
Size

407KB
MD5

a0770cd6ce00085fd442ec5afcf194fc
SHA1

3bb0493abcaad0978abae7ebc1652cc1c03120ac
SHA256

60b6e52bee9cbcdd78b4a14ecb4eeaacc06cf240c13f4048784d7005381aad12
SHA512

87a54656fec1913af04aca82b5d41bcc8b68913463ade2ebfd26382080b6537096af90311a2da0f4e9d41f4688dfeb2fc1ee79a87dd709f0cf8bbfbb7e87e86d
SSDEEP

6144:MTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh36rSLL64j7W4+yQrOx5Yszv8QnqZne:MLry/neyx7f/A64j7P+tixhT87ne

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2096	vhzpd.exe

Loads dropped DLL 1 IoCs

pid	Process
1740	a0770cd6ce00085fd442ec5afcf194fc.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\cypojiwkio\vhzpd.exe	a0770cd6ce00085fd442ec5afcf194fc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2096	1740	a0770cd6ce00085fd442ec5afcf194fc.exe	28
PID 1740 wrote to memory of 2096	1740	a0770cd6ce00085fd442ec5afcf194fc.exe	28
PID 1740 wrote to memory of 2096	1740	a0770cd6ce00085fd442ec5afcf194fc.exe	28
PID 1740 wrote to memory of 2096	1740	a0770cd6ce00085fd442ec5afcf194fc.exe	28

C:\Users\Admin\AppData\Local\Temp\a0770cd6ce00085fd442ec5afcf194fc.exe
"C:\Users\Admin\AppData\Local\Temp\a0770cd6ce00085fd442ec5afcf194fc.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\cypojiwkio\vhzpd.exe
  "C:\Program Files (x86)\cypojiwkio\vhzpd.exe"
  2⤵
  - Executes dropped EXE
  PID:2096

C:\Program Files (x86)\cypojiwkio\vhzpd.exe

Filesize
29KB

MD5
3ccb5e57c54b41c93ebb0b27ae2b8d30

SHA1
8a6cb4d8557ff97df651d2930003c211dd3d967f

SHA256
0ecf9b3c2f44d7edd2a54503e439caaca91de02fd2039f20bbccfc497e5fc131

SHA512
b3db0eec1efd97e5076c869d98f3d0659ed527fd8ca627db405238eeffedec98b913cc332dda1f3160b523c63d404c523d9632215c2e1eb4fe5ff33d36e7b1d9

Download Submit
\Program Files (x86)\cypojiwkio\vhzpd.exe

Filesize
21KB

MD5
a35c0fcae78f4aa55fe73bb54bface9a

SHA1
d38f40c480e596a9aa33ca248ab06452b4f1fa6d

SHA256
54f7c54cfc6d5126103cc96da951cb21ba6e9cba8f3f2f15c0543520a18166ad

SHA512
a6b40c2fa7b2c0e563bd96ce49c65499ede9de29cb7ff815d172053dd9a9bb0d01540c8f7d38b9f120ba6aedc1678d031db56cddc1d7db20d0b4d44ebb9a4714

Download Submit
memory/1740-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1740-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1740-6-0x0000000001D90000-0x0000000001E24000-memory.dmp

Filesize
592KB

Download
memory/1740-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2096-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2096-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download