6d7f185f13e00d45b0f1c91dcbd55944dfefe87953e8d276a52bf870195683f7

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 22:39

Target

6d7f185f13e00d45b0f1c91dcbd55944dfefe87953e8d276a52bf870195683f7.exe
Size

79KB
MD5

8f3d3a4c93bfedb16efe78f189323a94
SHA1

d2eada10aea7a3af2e7e010e8e85b273840fd9d2
SHA256

6d7f185f13e00d45b0f1c91dcbd55944dfefe87953e8d276a52bf870195683f7
SHA512

e13ae714cd1a543723e24d42e5bcf459c458a5a18d90ead74659db8b8fde1f5306cb7ba0c3f96464b9cc7a4c6ac831a88528611ae00b8c0bdea6b2ab8410dd9a
SSDEEP

1536:zv66mWLYKn8V5JOQA8AkqUhMb2nuy5wgIP0CSJ+5ysB8GMGlZ5G:zv6PsoIGdqU7uy5w9WMysN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2220	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2248	cmd.exe
2248	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2248	2804	6d7f185f13e00d45b0f1c91dcbd55944dfefe87953e8d276a52bf870195683f7.exe	29
PID 2804 wrote to memory of 2248	2804	6d7f185f13e00d45b0f1c91dcbd55944dfefe87953e8d276a52bf870195683f7.exe	29
PID 2804 wrote to memory of 2248	2804	6d7f185f13e00d45b0f1c91dcbd55944dfefe87953e8d276a52bf870195683f7.exe	29
PID 2804 wrote to memory of 2248	2804	6d7f185f13e00d45b0f1c91dcbd55944dfefe87953e8d276a52bf870195683f7.exe	29
PID 2248 wrote to memory of 2220	2248	cmd.exe	30
PID 2248 wrote to memory of 2220	2248	cmd.exe	30
PID 2248 wrote to memory of 2220	2248	cmd.exe	30
PID 2248 wrote to memory of 2220	2248	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6d7f185f13e00d45b0f1c91dcbd55944dfefe87953e8d276a52bf870195683f7.exe
"C:\Users\Admin\AppData\Local\Temp\6d7f185f13e00d45b0f1c91dcbd55944dfefe87953e8d276a52bf870195683f7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2220

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
b6af94472df41003dbee61c931a76830

SHA1
7f32abfcea84e06f8039de72be803b2bfd050c25

SHA256
60b80829c798517be41e9398e06c66fcf06e022b0b978977f161d3e6c8cb39ef

SHA512
502a97ca2e61bcb26adb92ae0d2e5f7ddb13c96d974ebb26b1d4234c3965b7f0c4ff013ce2c30b97bcbc8ae077016c11ec0149e4fed2c704e7997a8d80ec34bb

Download Submit
memory/2220-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2804-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download