dc9a4d39302f9007edce29c74a0eeacc74d9ec771a3f7097767b85ee9f0508aa

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 14:55

Target

bee49100c78a28ef701eb4995100e637.exe
Size

120KB
MD5

bee49100c78a28ef701eb4995100e637
SHA1

08197363b8d454e5f68875c6e5b14b20d7af7246
SHA256

dc9a4d39302f9007edce29c74a0eeacc74d9ec771a3f7097767b85ee9f0508aa
SHA512

167d06f684ce6d56e9c1c0d092441f2b64ddf6002d3b076c2875fda5fb290b481863cce7b168c2c0aaaf0d3f09ab05bba860c98fd71a85d6764ef1e017f1d2e3
SSDEEP

1536:QChTmJ2miM6w2tDJzQSA7FZNataIO2FnToIfiB:qJ2XJzcFreo2tTBfiB

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2164	notepad.exe

Loads dropped DLL 2 IoCs

pid	Process
2488	bee49100c78a28ef701eb4995100e637.exe
2488	bee49100c78a28ef701eb4995100e637.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\notepad.exe	bee49100c78a28ef701eb4995100e637.exe
File opened for modification	C:\Program Files (x86)\Common Files\notepad.exe	bee49100c78a28ef701eb4995100e637.exe

Opens file in notepad (likely ransom note) 1 IoCs

pid	Process
2164	notepad.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2164	2488	bee49100c78a28ef701eb4995100e637.exe	28
PID 2488 wrote to memory of 2164	2488	bee49100c78a28ef701eb4995100e637.exe	28
PID 2488 wrote to memory of 2164	2488	bee49100c78a28ef701eb4995100e637.exe	28
PID 2488 wrote to memory of 2164	2488	bee49100c78a28ef701eb4995100e637.exe	28
PID 2164 wrote to memory of 2596	2164	notepad.exe	29
PID 2164 wrote to memory of 2596	2164	notepad.exe	29
PID 2164 wrote to memory of 2596	2164	notepad.exe	29
PID 2164 wrote to memory of 2596	2164	notepad.exe	29
PID 2164 wrote to memory of 2596	2164	notepad.exe	29
PID 2164 wrote to memory of 2596	2164	notepad.exe	29
PID 2164 wrote to memory of 2596	2164	notepad.exe	29

C:\Program Files (x86)\Common Files\notepad.exe

Filesize
120KB

MD5
bee49100c78a28ef701eb4995100e637

SHA1
08197363b8d454e5f68875c6e5b14b20d7af7246

SHA256
dc9a4d39302f9007edce29c74a0eeacc74d9ec771a3f7097767b85ee9f0508aa

SHA512
167d06f684ce6d56e9c1c0d092441f2b64ddf6002d3b076c2875fda5fb290b481863cce7b168c2c0aaaf0d3f09ab05bba860c98fd71a85d6764ef1e017f1d2e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7050.tmp

Filesize
100KB

MD5
23ac5425e81e809bf4b919263def997f

SHA1
224e674d501d3ced269ee5ba6125c0d826b29bf5

SHA256
778cc246e616dba4fc36a7dcc3c1a1e421f230687c538b65611ffc6eaf9e54bd

SHA512
e73db5179fbd7962c1af68a287665e2b9647c826770372cf842935cec30d75d0730410ffc1fc2fc17dc28839a1e5b7dea9de5d9ee06d86faf9038941ae06df47

Download Submit
memory/2164-9-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2488-11-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download