7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-03-2024 21:28

Target

7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe
Size

79KB
MD5

e4198d1174a379a357960b4b302b528d
SHA1

b887a88c4eed71f684d3cd080c4d456ff7f172a8
SHA256

7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d
SHA512

d30f8685d489030cdb24335c0a4f4f2b6f5d139aad945b5548f16922726b4b5c8e4352f85a8ec22f5b74c9e59d5c9652f9e0716c33169a36ce9399ba6141fd4f
SSDEEP

1536:zvWFMiUFK780JWTnOQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvWF3UFK78p6GdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1264	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2008	cmd.exe
2008	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 2008	1312	7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe	29
PID 1312 wrote to memory of 2008	1312	7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe	29
PID 1312 wrote to memory of 2008	1312	7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe	29
PID 1312 wrote to memory of 2008	1312	7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe	29
PID 2008 wrote to memory of 1264	2008	cmd.exe	30
PID 2008 wrote to memory of 1264	2008	cmd.exe	30
PID 2008 wrote to memory of 1264	2008	cmd.exe	30
PID 2008 wrote to memory of 1264	2008	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe
"C:\Users\Admin\AppData\Local\Temp\7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2008
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1264

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d28c09edd03f7ae1dce3e8c673c7d4d4

SHA1
de7d83c2183dcfc5c98f5ef3bdf3dc66879c8a53

SHA256
f26f128479f43a801036c202ba137b9e52397a6200da00b8de36a0f0d543be8d

SHA512
4a555f71ec40401177eee7695d571a668cf830e2bc8263a824c87949fb054add9df2e58f1fb8bb81a285154f4383c370166ec2dfeb98565e53ae2cc9d86cd3ff

Download Submit
memory/1264-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1312-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download