d1fef049c331d794fddfbee5487cac00d9b31cc441fef992ef81c02e75790e29

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 23:22

Target

d1fef049c331d794fddfbee5487cac00d9b31cc441fef992ef81c02e75790e29.exe
Size

79KB
MD5

4368deae5e2d8ff1738a07e9e4ca48da
SHA1

e6aedad6cb79bbb66a0f360a1f4d056431f333a1
SHA256

d1fef049c331d794fddfbee5487cac00d9b31cc441fef992ef81c02e75790e29
SHA512

727a5ddfd7a07173b14c886775e8db6c4809c071732dc6be4c2b203b7815acfd6e1ecaca5b263e9ea79ff2db57519547c5346bb2c644272202cee18d742b7c8c
SSDEEP

1536:zvlTXek+q3OQA8AkqUhMb2nuy5wgIP0CSJ+5yytB8GMGlZ5G:zvlikGGdqU7uy5w9WMy6N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2504	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2600	cmd.exe
2600	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2600	1752	d1fef049c331d794fddfbee5487cac00d9b31cc441fef992ef81c02e75790e29.exe	29
PID 1752 wrote to memory of 2600	1752	d1fef049c331d794fddfbee5487cac00d9b31cc441fef992ef81c02e75790e29.exe	29
PID 1752 wrote to memory of 2600	1752	d1fef049c331d794fddfbee5487cac00d9b31cc441fef992ef81c02e75790e29.exe	29
PID 1752 wrote to memory of 2600	1752	d1fef049c331d794fddfbee5487cac00d9b31cc441fef992ef81c02e75790e29.exe	29
PID 2600 wrote to memory of 2504	2600	cmd.exe	30
PID 2600 wrote to memory of 2504	2600	cmd.exe	30
PID 2600 wrote to memory of 2504	2600	cmd.exe	30
PID 2600 wrote to memory of 2504	2600	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\d1fef049c331d794fddfbee5487cac00d9b31cc441fef992ef81c02e75790e29.exe
"C:\Users\Admin\AppData\Local\Temp\d1fef049c331d794fddfbee5487cac00d9b31cc441fef992ef81c02e75790e29.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2504

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fc310da9b1cb4529941059e96605ee28

SHA1
d50d698ef71e362a96738d9ed2235aa7e712960c

SHA256
02744d8de2be5ed08dd46e7053469ff344fd9da8da4300fa665bb59994e8cb7e

SHA512
9f01982688ffaab31f9e590f9f9f59b77d0a64a3d0248dec9355fb717eef7c76e901a770c8f75892d908a5e2741d9212cd22682963eab4c790cda6467888b4b9

Download Submit
memory/1752-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2504-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download