1f0362e7242fe446fa4d93941857b82135283b7bc7ae849bd08f2fc17e72247f

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 06:33

Target

ab3b2d06b755844683a3c786c53e51d2.exe
Size

29KB
MD5

ab3b2d06b755844683a3c786c53e51d2
SHA1

a4e3044b4c481207d4aedd59f047b9fe600d2d21
SHA256

1f0362e7242fe446fa4d93941857b82135283b7bc7ae849bd08f2fc17e72247f
SHA512

8d91975f18eac5aeb0e26f0117851b7826f5efa2b1064cdc01089cf67d0b357f35c460a212e521bb3cb96be6e11471d0604828e3740042aec6d40c06fd1aeb1d
SSDEEP

768:UH9PxhMDzqiUJmaSb64ysgNBjxfZy7+wV:UHvjrJj/sgbjxxy7+g

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2152	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2152	1524	ab3b2d06b755844683a3c786c53e51d2.exe	28
PID 1524 wrote to memory of 2152	1524	ab3b2d06b755844683a3c786c53e51d2.exe	28
PID 1524 wrote to memory of 2152	1524	ab3b2d06b755844683a3c786c53e51d2.exe	28
PID 1524 wrote to memory of 2152	1524	ab3b2d06b755844683a3c786c53e51d2.exe	28
PID 1524 wrote to memory of 2548	1524	ab3b2d06b755844683a3c786c53e51d2.exe	30
PID 1524 wrote to memory of 2548	1524	ab3b2d06b755844683a3c786c53e51d2.exe	30
PID 1524 wrote to memory of 2548	1524	ab3b2d06b755844683a3c786c53e51d2.exe	30
PID 1524 wrote to memory of 2548	1524	ab3b2d06b755844683a3c786c53e51d2.exe	30

C:\Users\Admin\AppData\Local\Temp\ab3b2d06b755844683a3c786c53e51d2.exe
"C:\Users\Admin\AppData\Local\Temp\ab3b2d06b755844683a3c786c53e51d2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "c:\_uninsep.bat"
  2⤵
  - Deletes itself
  PID:2152
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "c:\_uninsep.bat"
  2⤵
  PID:2548

C:\_uninsep.bat

Filesize
182B

MD5
4e013d29be0acedd1559be1577896698

SHA1
41c6ff5d54a0237f34b1fba4b5aee7a2bbb426e0

SHA256
ecde6e840313b485244a7caccbbe454d3562c500d895878b9f354c5b9fb3746f

SHA512
cd033c1be61311826432c640e3cac2fa5d8f1f8e8fc9b635cceaf593f008d926a254778008953af405e9ae940c9fbea21ff3c3c62df9a31f9566407af62658e3

Download Submit
memory/1524-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1524-9-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download