ed30f02729c0f5ac176833008d834ece4f07ea3586ac3b1051826cd67a8fe1bf

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 00:08

Target

ed30f02729c0f5ac176833008d834ece4f07ea3586ac3b1051826cd67a8fe1bf.exe
Size

79KB
MD5

fc0a32a0ff1eb6eac23d171d1b91c0b9
SHA1

9bc62439f2c3c14ea3c4d9745c84aeaa18d45729
SHA256

ed30f02729c0f5ac176833008d834ece4f07ea3586ac3b1051826cd67a8fe1bf
SHA512

5ab59fabbbbf31e01076ae05b42c8a03b227ab428ede3d2be73b7546b92bdbbe45fd76f9801ebcaf187fdcf98d8cf66774688447de4276ab5619f92936340fee
SSDEEP

1536:zvlIj2RxFr51zXOQA8AkqUhMb2nuy5wgIP0CSJ+5yqB8GMGlZ5G:zvqjWFr+GdqU7uy5w9WMyqN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2480	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2492	cmd.exe
2492	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2492	2444	ed30f02729c0f5ac176833008d834ece4f07ea3586ac3b1051826cd67a8fe1bf.exe	29
PID 2444 wrote to memory of 2492	2444	ed30f02729c0f5ac176833008d834ece4f07ea3586ac3b1051826cd67a8fe1bf.exe	29
PID 2444 wrote to memory of 2492	2444	ed30f02729c0f5ac176833008d834ece4f07ea3586ac3b1051826cd67a8fe1bf.exe	29
PID 2444 wrote to memory of 2492	2444	ed30f02729c0f5ac176833008d834ece4f07ea3586ac3b1051826cd67a8fe1bf.exe	29
PID 2492 wrote to memory of 2480	2492	cmd.exe	30
PID 2492 wrote to memory of 2480	2492	cmd.exe	30
PID 2492 wrote to memory of 2480	2492	cmd.exe	30
PID 2492 wrote to memory of 2480	2492	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\ed30f02729c0f5ac176833008d834ece4f07ea3586ac3b1051826cd67a8fe1bf.exe
"C:\Users\Admin\AppData\Local\Temp\ed30f02729c0f5ac176833008d834ece4f07ea3586ac3b1051826cd67a8fe1bf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2480

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3ffe5f71fd2f83fe5eb93e0c84725209

SHA1
021759aba50032e07a6a442372d2c045415fa0a9

SHA256
263d328a3b83033bb3bc2a0750f81468f5523f99ac0e77403f5fe62fa270790e

SHA512
57fd5485af3a90550f9ee1f70f736a628973a8ee9c3afa2fffbafff9c04e1825da0b3b7fdab32c98575cba2ebb871c4132a8e07ee40a479560ac60fea2afbdb3

Download Submit
memory/2444-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2480-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download