67d3943a7f822c8c4344d0e8ce884a7d40e71d0ff99b8dfe506a37404ee1d602

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 19:54

Target

67d3943a7f822c8c4344d0e8ce884a7d40e71d0ff99b8dfe506a37404ee1d602.exe
Size

79KB
MD5

e844efaf32711393b0a32f6ee7eb489c
SHA1

2eee5af7c3780764824849fdfacefc154b9fe755
SHA256

67d3943a7f822c8c4344d0e8ce884a7d40e71d0ff99b8dfe506a37404ee1d602
SHA512

17f711e3beaf63821f2783c28584842f6102d7ffb47c72098556d0490d6049852c4583dc801faf75be45e9eb167084e4994584072972036f76b1c88f5275ed88
SSDEEP

1536:zv9bXiv/4povvaELhOQA8AkqUhMb2nuy5wgIP0CSJ+5yUB8GMGlZ5G:zv9qvCEUGdqU7uy5w9WMyUN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2900	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2504	cmd.exe
2504	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2504	1888	67d3943a7f822c8c4344d0e8ce884a7d40e71d0ff99b8dfe506a37404ee1d602.exe	29
PID 1888 wrote to memory of 2504	1888	67d3943a7f822c8c4344d0e8ce884a7d40e71d0ff99b8dfe506a37404ee1d602.exe	29
PID 1888 wrote to memory of 2504	1888	67d3943a7f822c8c4344d0e8ce884a7d40e71d0ff99b8dfe506a37404ee1d602.exe	29
PID 1888 wrote to memory of 2504	1888	67d3943a7f822c8c4344d0e8ce884a7d40e71d0ff99b8dfe506a37404ee1d602.exe	29
PID 2504 wrote to memory of 2900	2504	cmd.exe	30
PID 2504 wrote to memory of 2900	2504	cmd.exe	30
PID 2504 wrote to memory of 2900	2504	cmd.exe	30
PID 2504 wrote to memory of 2900	2504	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\67d3943a7f822c8c4344d0e8ce884a7d40e71d0ff99b8dfe506a37404ee1d602.exe
"C:\Users\Admin\AppData\Local\Temp\67d3943a7f822c8c4344d0e8ce884a7d40e71d0ff99b8dfe506a37404ee1d602.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2900

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c5c7614b1bb8dd2cf87282c524098947

SHA1
965011b0c07eef56b61590d11ee5c99f08b03017

SHA256
be4408e96d564d8d365e201276ce032ae5d6ec24fdbabb128d6168675a9ed5ab

SHA512
cd45abcd38b2728db175aa669e6908305b21633acb6754ac93f6775b5f679ab3c9bcccbd6ffa64b390c87a591c14931ec87d076166b931b721c6940a92c9c690

Download Submit
memory/1888-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2900-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download