abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 22:11

Target

abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe
Size

79KB
MD5

9a13c55289e826574f6ee19133c15ec1
SHA1

088661a09bc25f62597c169dcfa8a6f5364457a5
SHA256

abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922
SHA512

5a46429f92232577c61edbb21c128823f548caf1c6b1828bfecd1c3a75dd6c3b4668282e9fcdcc9b1c35e15f4c7b205b1c0900b7df259a4481676e1ae2dc9042
SSDEEP

1536:zvhsB3L8IR1f1wOQA8AkqUhMb2nuy5wgIP0CSJ+5yXB8GMGlZ5G:zvKlL8IRJ1lGdqU7uy5w9WMyXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1252	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1932	cmd.exe
1932	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 1932	2308	abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe	29
PID 2308 wrote to memory of 1932	2308	abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe	29
PID 2308 wrote to memory of 1932	2308	abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe	29
PID 2308 wrote to memory of 1932	2308	abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe	29
PID 1932 wrote to memory of 1252	1932	cmd.exe	30
PID 1932 wrote to memory of 1252	1932	cmd.exe	30
PID 1932 wrote to memory of 1252	1932	cmd.exe	30
PID 1932 wrote to memory of 1252	1932	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe
"C:\Users\Admin\AppData\Local\Temp\abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1252

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
09c430a9e610262fa30a6866e159d2de

SHA1
f71db97888c0f065da6125859f7d2e7d02dd11a1

SHA256
15790c6c8af00de57783f827451181c19666187ac9b351cddf947d93969b3fbb

SHA512
861f2beaa515d87657a81c81a42fa0a3d9ce6eec0d39374df3b7c01d921d7c04147b6742d1aa93ce1c0233acbe30b51b9cf4a50705466b3efaa9f3de2004f1b5

Download Submit
memory/1252-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2308-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download