b7f417555694cc1ee08980ccd6af2749adf78ade403b5d2c4faa93b081ce08ae

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 22:35

Target

b7f417555694cc1ee08980ccd6af2749adf78ade403b5d2c4faa93b081ce08ae.exe
Size

73KB
MD5

5a9c3cb32ceab2942dd0547b71e5db4c
SHA1

d400caa86108febb8380975af211232d0fd92c11
SHA256

b7f417555694cc1ee08980ccd6af2749adf78ade403b5d2c4faa93b081ce08ae
SHA512

1ba43a347a09ab9b260bf0262af24731950c9a3dd099a1eb5ad93ecf4c7d4e1631c62cdb83e1ad821544c5e1ec6eaf440343952bf4a97011cdef9905c5a886eb
SSDEEP

1536:hbWuCl07eiHK5QPqfhVWbdsmA+RjPFLC+e5hi0ZGUGf2g:hCuCS7dHNPqfcxA+HFshiOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2508	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2776	cmd.exe
2776	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2776	2212	b7f417555694cc1ee08980ccd6af2749adf78ade403b5d2c4faa93b081ce08ae.exe	29
PID 2212 wrote to memory of 2776	2212	b7f417555694cc1ee08980ccd6af2749adf78ade403b5d2c4faa93b081ce08ae.exe	29
PID 2212 wrote to memory of 2776	2212	b7f417555694cc1ee08980ccd6af2749adf78ade403b5d2c4faa93b081ce08ae.exe	29
PID 2212 wrote to memory of 2776	2212	b7f417555694cc1ee08980ccd6af2749adf78ade403b5d2c4faa93b081ce08ae.exe	29
PID 2776 wrote to memory of 2508	2776	cmd.exe	30
PID 2776 wrote to memory of 2508	2776	cmd.exe	30
PID 2776 wrote to memory of 2508	2776	cmd.exe	30
PID 2776 wrote to memory of 2508	2776	cmd.exe	30
PID 2508 wrote to memory of 2544	2508	[email protected]	31
PID 2508 wrote to memory of 2544	2508	[email protected]	31
PID 2508 wrote to memory of 2544	2508	[email protected]	31
PID 2508 wrote to memory of 2544	2508	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\b7f417555694cc1ee08980ccd6af2749adf78ade403b5d2c4faa93b081ce08ae.exe
"C:\Users\Admin\AppData\Local\Temp\b7f417555694cc1ee08980ccd6af2749adf78ade403b5d2c4faa93b081ce08ae.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2544

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
0cdcb00c465c803a457922f33442fa6c

SHA1
f76d05a714b3b3fa9d9fa45d528c6a96c9a49dc7

SHA256
bcb87803b6624f4efda40d63464db961b98773ad9315bac0f969d5ef34dd9408

SHA512
a76ff3a5179201bb0af5d01bf420a81f40cec5ce0197637934e972ed46db9f63209ca0504bd539c74daf05074f9799a9da7ea720946716f3964beb5e08d09e44

Download Submit
memory/2212-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2508-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download