0228c7cc17360f46c0c78dcf1260759ada1e5518c137b9e573b376ec9dcb80e7

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 17:12

Target

0228c7cc17360f46c0c78dcf1260759ada1e5518c137b9e573b376ec9dcb80e7.exe
Size

73KB
MD5

bde30d31795948c3efdbac8ed9548bcc
SHA1

567c8964bd76c641c957331c5beb7702ab69e15d
SHA256

0228c7cc17360f46c0c78dcf1260759ada1e5518c137b9e573b376ec9dcb80e7
SHA512

0744414bc9b295d2c43aa1797a1f753c3d4df39e525c4c81623e74cf7410e2f1e47e1844db5540ff9f6e10eaab0dca2876a9cf9d88b38cb5b704400d16acca10
SSDEEP

1536:hb7nBr6k84jyqPdK5QPqfhVWbdsmA+RjPFLC+e5hP0ZGUGf2g:h3V5XLNPqfcxA+HFshPOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1956	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1532	cmd.exe
1532	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1532	1888	0228c7cc17360f46c0c78dcf1260759ada1e5518c137b9e573b376ec9dcb80e7.exe	29
PID 1888 wrote to memory of 1532	1888	0228c7cc17360f46c0c78dcf1260759ada1e5518c137b9e573b376ec9dcb80e7.exe	29
PID 1888 wrote to memory of 1532	1888	0228c7cc17360f46c0c78dcf1260759ada1e5518c137b9e573b376ec9dcb80e7.exe	29
PID 1888 wrote to memory of 1532	1888	0228c7cc17360f46c0c78dcf1260759ada1e5518c137b9e573b376ec9dcb80e7.exe	29
PID 1532 wrote to memory of 1956	1532	cmd.exe	30
PID 1532 wrote to memory of 1956	1532	cmd.exe	30
PID 1532 wrote to memory of 1956	1532	cmd.exe	30
PID 1532 wrote to memory of 1956	1532	cmd.exe	30
PID 1956 wrote to memory of 2528	1956	[email protected]	31
PID 1956 wrote to memory of 2528	1956	[email protected]	31
PID 1956 wrote to memory of 2528	1956	[email protected]	31
PID 1956 wrote to memory of 2528	1956	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\0228c7cc17360f46c0c78dcf1260759ada1e5518c137b9e573b376ec9dcb80e7.exe
"C:\Users\Admin\AppData\Local\Temp\0228c7cc17360f46c0c78dcf1260759ada1e5518c137b9e573b376ec9dcb80e7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1532
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 15225.exe
      4⤵
      PID:2528

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
30ed146670b959cb7c3cecd7d36718f1

SHA1
1bdce0d1c8b71cdae8c8713a1dfca60f70ffc0bd

SHA256
bc3e9f14f1c207253bbd32ab8aa1bc4aef72cf154bd5d69aba0fc45c7695468e

SHA512
13775dcbe79fef450d5efb5f1452a52a84a72017e62a72374c1295a0d7c5ca598055af888ae0e992178c6b7392d7c7f8f33c66e6792b1f4a78d0a041f37cdb7e

Download Submit
memory/1888-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1956-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download