3a0c5c99c2c1b09cebbfbee42d97e680028a6539cba61998b293e9378b2442d4

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 19:29

Target

3a0c5c99c2c1b09cebbfbee42d97e680028a6539cba61998b293e9378b2442d4.exe
Size

79KB
MD5

055898337a4d4a87ad0e997db0e42a33
SHA1

94f653c34cb7a56ae27ebf2cfb0cc8c8e0ea2b6a
SHA256

3a0c5c99c2c1b09cebbfbee42d97e680028a6539cba61998b293e9378b2442d4
SHA512

1e563d65febce0bbc054f277d64da3b3e3dcdff862c822c62cc86e8fc32acf8e8081a0e95341e1f54fb77bc31cfa8965e19fa84f1fdb1c52e2d8bb910af776a9
SSDEEP

1536:zv66mWLYKn8V5JOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zv6PsoIGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1984	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2504	cmd.exe
2504	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2504	2092	3a0c5c99c2c1b09cebbfbee42d97e680028a6539cba61998b293e9378b2442d4.exe	29
PID 2092 wrote to memory of 2504	2092	3a0c5c99c2c1b09cebbfbee42d97e680028a6539cba61998b293e9378b2442d4.exe	29
PID 2092 wrote to memory of 2504	2092	3a0c5c99c2c1b09cebbfbee42d97e680028a6539cba61998b293e9378b2442d4.exe	29
PID 2092 wrote to memory of 2504	2092	3a0c5c99c2c1b09cebbfbee42d97e680028a6539cba61998b293e9378b2442d4.exe	29
PID 2504 wrote to memory of 1984	2504	cmd.exe	30
PID 2504 wrote to memory of 1984	2504	cmd.exe	30
PID 2504 wrote to memory of 1984	2504	cmd.exe	30
PID 2504 wrote to memory of 1984	2504	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3a0c5c99c2c1b09cebbfbee42d97e680028a6539cba61998b293e9378b2442d4.exe
"C:\Users\Admin\AppData\Local\Temp\3a0c5c99c2c1b09cebbfbee42d97e680028a6539cba61998b293e9378b2442d4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1984

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e7ad57b9c7d0d31da3054fae8432c270

SHA1
af814ebcec355f0e5e96730502d6bcc8fc87c8c0

SHA256
c2c9a7dc9a1bfa554f3602494388b9f34825bded1338590fa4453e7b91f2c47a

SHA512
b521b42cc857555e19770701988c1a93f9dbd690c8da826095dac50900e18a2527f5d95ca9c127f5123293287f134040044b9e34c7a344360c6580b3d02209ca

Download Submit
memory/1984-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2092-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download