11e3967bc2698dfc953a0e9cecbaa184091afa2d96ec0291ccb41570d361fca2

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 17:38

Target

11e3967bc2698dfc953a0e9cecbaa184091afa2d96ec0291ccb41570d361fca2.exe
Size

79KB
MD5

6173daed62737559b85638e4b1a62b0d
SHA1

9baec72d1786c72b7c6e6fcf226ef0d3ecc0e39f
SHA256

11e3967bc2698dfc953a0e9cecbaa184091afa2d96ec0291ccb41570d361fca2
SHA512

841a2facd07b2dd872f5ed7d22c8df6c752b10dc4cb603c03f5dcf9020e6a6edface098f2fba81b78efdd83a7b1c8d07214e682d7c50d6af4ea26645c3d27f96
SSDEEP

1536:zvLMlxIudK02OQA8AkqUhMb2nuy5wgIP0CSJ+5yVmB8GMGlZ5G:zvwvVdK0TGdqU7uy5w9WMywN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2948	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2876	cmd.exe
2876	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 2876	1320	11e3967bc2698dfc953a0e9cecbaa184091afa2d96ec0291ccb41570d361fca2.exe	29
PID 1320 wrote to memory of 2876	1320	11e3967bc2698dfc953a0e9cecbaa184091afa2d96ec0291ccb41570d361fca2.exe	29
PID 1320 wrote to memory of 2876	1320	11e3967bc2698dfc953a0e9cecbaa184091afa2d96ec0291ccb41570d361fca2.exe	29
PID 1320 wrote to memory of 2876	1320	11e3967bc2698dfc953a0e9cecbaa184091afa2d96ec0291ccb41570d361fca2.exe	29
PID 2876 wrote to memory of 2948	2876	cmd.exe	30
PID 2876 wrote to memory of 2948	2876	cmd.exe	30
PID 2876 wrote to memory of 2948	2876	cmd.exe	30
PID 2876 wrote to memory of 2948	2876	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\11e3967bc2698dfc953a0e9cecbaa184091afa2d96ec0291ccb41570d361fca2.exe
"C:\Users\Admin\AppData\Local\Temp\11e3967bc2698dfc953a0e9cecbaa184091afa2d96ec0291ccb41570d361fca2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2876
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2948

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2fceb7d2df67bba5c6bb691bbe82780a

SHA1
9df759a2d291601525956bceaa290db755598e31

SHA256
e731a5ab09ac1446783cbce6ebeb25c1c736857df00f1c61df1aadb461ffbbcf

SHA512
91e9ec650d64869a6eaf6a26a561ab76513bef32532b5765698450a5ec3c6739cc739d17d0c110b0189fe5f8b24f623a0f47c65dcf442bc089a7c9ad5e651f22

Download Submit
memory/1320-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2948-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download