dc70356bfbafd144d3b94c45e360e6600eabe9b92ed094b739b14a1293cf9bb6

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 23:38

Target

dc70356bfbafd144d3b94c45e360e6600eabe9b92ed094b739b14a1293cf9bb6.exe
Size

79KB
MD5

aaf8578f545de24f61b9636310ba2277
SHA1

1e5d50a33e60fd05ba9da65fbaa10a115e5c4887
SHA256

dc70356bfbafd144d3b94c45e360e6600eabe9b92ed094b739b14a1293cf9bb6
SHA512

7cf75eacfb2c404350252925a6c30b3f4bc751cf07587d572ec16e8945b811dc11ede95d985eaa0fa11d1e74e2616054e394f0259372bef3d38ecf63f2541a81
SSDEEP

1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5y9B8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMy9N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1420	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3024	cmd.exe
3024	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3024	2388	dc70356bfbafd144d3b94c45e360e6600eabe9b92ed094b739b14a1293cf9bb6.exe	29
PID 2388 wrote to memory of 3024	2388	dc70356bfbafd144d3b94c45e360e6600eabe9b92ed094b739b14a1293cf9bb6.exe	29
PID 2388 wrote to memory of 3024	2388	dc70356bfbafd144d3b94c45e360e6600eabe9b92ed094b739b14a1293cf9bb6.exe	29
PID 2388 wrote to memory of 3024	2388	dc70356bfbafd144d3b94c45e360e6600eabe9b92ed094b739b14a1293cf9bb6.exe	29
PID 3024 wrote to memory of 1420	3024	cmd.exe	30
PID 3024 wrote to memory of 1420	3024	cmd.exe	30
PID 3024 wrote to memory of 1420	3024	cmd.exe	30
PID 3024 wrote to memory of 1420	3024	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\dc70356bfbafd144d3b94c45e360e6600eabe9b92ed094b739b14a1293cf9bb6.exe
"C:\Users\Admin\AppData\Local\Temp\dc70356bfbafd144d3b94c45e360e6600eabe9b92ed094b739b14a1293cf9bb6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1420

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
415ee27097aac6f76664b9c4424e8ec4

SHA1
a51d555a57647caba8045fc2549e2a40fb48e3ed

SHA256
2ecdad0daea864476afc479639cbef73bfd8ce5dc63284840aa3f0bf88664f05

SHA512
ce0983ea6a4d7b1772ded24b7a60035ff35d2fe5da312324913b2adb0ca4a567c14cc04055064e61bdeca86ac5c8f7f47aa276ef63a66a711a0494e8f643a773

Download Submit
memory/1420-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2388-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download