2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 18:59 UTC

Target

2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
Size

197KB
MD5

3a56b4bfdc3e26faf2f9a25a9d0b99bb
SHA1

6d3eb841a2ef53ac973af87285016e03035da334
SHA256

2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e
SHA512

b312241b47fe80bf50c0d693e3904420ff91f387c7bbf7599b4e74a76336125df1e7848b8b0d2f2f238d35ccae8407f27368079db5b4033ad6dd70f6847bc264
SSDEEP

3072:zy7MbiS1bE8Pt/fXDYxCBwmdWfIv0koEpZAWCuSE3mX76mFSYkP9+A4j:uIbiS1VuC5MJEpj0RX76m1kV+A

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2980	2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe

Executes dropped EXE 1 IoCs

pid	Process
2980	2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe

Loads dropped DLL 1 IoCs

pid	Process
2728	2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2728	2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2980	2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2980	2728	2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe	29
PID 2728 wrote to memory of 2980	2728	2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe	29
PID 2728 wrote to memory of 2980	2728	2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe	29
PID 2728 wrote to memory of 2980	2728	2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe	29

\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe

Filesize
197KB

MD5
fef508aebd4aae080bb245be65697205

SHA1
9d6dbef980e8f3844a1ff72265b7d151668f3899

SHA256
6c757185554c9205cc0c36d7548d187c8c68984db68b0725c1ee120ad021393a

SHA512
4da7e5e9151ec518bbcc9c736c279426c6dda3266c84f71fda4d692247469e61763b8cb6dc49d4fbde54c4ba49d32fc06632ba2c94d4b77b321947d277c18b05

Download Submit
memory/2728-0-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2728-6-0x0000000001540000-0x0000000001579000-memory.dmp

Filesize
228KB

Download
memory/2728-9-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2980-12-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2980-11-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2980-17-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download