858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-03-2024 22:32

Target

8gaLYHLcZ4DPV.exe
Size

714KB
MD5

7727963efc8200f92940631f9d78a872
SHA1

54fe7f1c71139b3d6d41bcad47798a3f7eb8cd0e
SHA256

858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913
SHA512

cc005701158c0984fe07b60c4f73db69d4d4ece57559b6410de7a541e42b9409595a32ecded3fcbd33247d31d9f06d6d6aff25118a90cf16284430083017c4e9
SSDEEP

12288:zo01IzLB/XV/JfQqjV+tFHxMfR+G1x2VK8PTkKE2qtFL/MLsJT55:zLMb/5QqjV+tFRMfRuk528L/M8T55

Score

7^/10

Deletes itself 1 IoCs

Processes:

.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe

pid process

3024 .8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe
Executes dropped EXE 1 IoCs

Processes:

.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe

pid process

3024 .8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

8gaLYHLcZ4DPV.exe

pid process

1936 8gaLYHLcZ4DPV.exe

pid	process
3024	.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe

pid	process
3024	.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe

pid	process
1936	8gaLYHLcZ4DPV.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

8gaLYHLcZ4DPV.exe.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe

description	pid	process	target process
PID 1936 wrote to memory of 3024	1936	8gaLYHLcZ4DPV.exe	.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe
PID 1936 wrote to memory of 3024	1936	8gaLYHLcZ4DPV.exe	.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe
PID 1936 wrote to memory of 3024	1936	8gaLYHLcZ4DPV.exe	.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe
PID 3024 wrote to memory of 2624	3024	.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe	cmd.exe
PID 3024 wrote to memory of 2624	3024	.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe	cmd.exe
PID 3024 wrote to memory of 2624	3024	.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe

Filesize
76KB

MD5
aeb63249b90ea3de5cd2b925e38cb03d

SHA1
d89529fe8754b6541f969902c6a2ec5cc059f939

SHA256
15ab76fab020f7cd1d3cc4c5b14edf1fd65291866f3f8967f993d55e04f60f64

SHA512
3e5994b2022dc0354575201e0f48cba6663a83d5349e892a0e9c88506429c68ff479124e8959b342bd62ff8c40b9acdd7c4a0b97e7c181c5de2d2712baa33476

Download Submit
C:\Users\Admin\AppData\Local\Temp\.8gaLYHLcZ4DPV.zhnmoywuiyeauhzcpbtmllrpdkavvkny.__selfdelete__.exe

Filesize
714KB

MD5
7727963efc8200f92940631f9d78a872

SHA1
54fe7f1c71139b3d6d41bcad47798a3f7eb8cd0e

SHA256
858ddfe6530fb00adb467f26e2c8f119fef284e1e9b6c92f0634f403ee3e7913

SHA512
cc005701158c0984fe07b60c4f73db69d4d4ece57559b6410de7a541e42b9409595a32ecded3fcbd33247d31d9f06d6d6aff25118a90cf16284430083017c4e9

Download Submit