16dcd002b4c8872bafd2151f92f550bcc2f49350370906ee3bc85fde351e0f2b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 06:09

Target

a124029e8318be23855a1868458d6380.exe
Size

100KB
MD5

a124029e8318be23855a1868458d6380
SHA1

765aa0c0ae575ba63eea2a43340b2ff5b92950ad
SHA256

16dcd002b4c8872bafd2151f92f550bcc2f49350370906ee3bc85fde351e0f2b
SHA512

e147a0bc2651bc32f665103d73413787e88df7aa0e5d9fcbfc48e3ffcbe2df3a59d1975dcfa25ec84c8100a7f97c96fe03e3ae02d6b4276eb04d3953e6092da9
SSDEEP

1536:2UTIOW/eGheFMyLo7EucDah6XpPF0PlXl0ShW/MW+EA310JD:2EIHhcMyLojIYPP0Dn+EA310JD

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2420	YCWWCW.EXE

Loads dropped DLL 2 IoCs

pid	Process
2404	a124029e8318be23855a1868458d6380.exe
2404	a124029e8318be23855a1868458d6380.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\YCWWCW.EXE	a124029e8318be23855a1868458d6380.exe
File opened for modification	C:\WINDOWS\SysWOW64\YCWWCW.EXE	a124029e8318be23855a1868458d6380.exe
File created	C:\WINDOWS\SysWOW64\YCWWCW.EXE	YCWWCW.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2420	2404	a124029e8318be23855a1868458d6380.exe	28
PID 2404 wrote to memory of 2420	2404	a124029e8318be23855a1868458d6380.exe	28
PID 2404 wrote to memory of 2420	2404	a124029e8318be23855a1868458d6380.exe	28
PID 2404 wrote to memory of 2420	2404	a124029e8318be23855a1868458d6380.exe	28

\Windows\SysWOW64\YCWWCW.EXE

Filesize
100KB

MD5
a124029e8318be23855a1868458d6380

SHA1
765aa0c0ae575ba63eea2a43340b2ff5b92950ad

SHA256
16dcd002b4c8872bafd2151f92f550bcc2f49350370906ee3bc85fde351e0f2b

SHA512
e147a0bc2651bc32f665103d73413787e88df7aa0e5d9fcbfc48e3ffcbe2df3a59d1975dcfa25ec84c8100a7f97c96fe03e3ae02d6b4276eb04d3953e6092da9

Download Submit