bd3d34ab1a33a8b3dc41bdd19c926e8983fa9fed74863e9499fed0e4fc0ed6df

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 00:16

Target

bd3d34ab1a33a8b3dc41bdd19c926e8983fa9fed74863e9499fed0e4fc0ed6df.exe
Size

79KB
MD5

278db93f50be78e344e3f8143bf04333
SHA1

cb4002e967e52928cb49208804364b24d8e3e884
SHA256

bd3d34ab1a33a8b3dc41bdd19c926e8983fa9fed74863e9499fed0e4fc0ed6df
SHA512

6aa591e1a185fee3135d47f29aea7d653a8d7ae5983086f14f43125514f67092cfb8b222ea57e5602d6e73c3cf3a4d95b6e142adae45bb27ecd05998165c8238
SSDEEP

1536:zvXYGGGLxvU6yt/LMOQA8AkqUhMb2nuy5wgIP0CSJ+5y2B8GMGlZ5G:zv9tLSL5GdqU7uy5w9WMy2N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2128	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2576	cmd.exe
2576	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2576	1868	bd3d34ab1a33a8b3dc41bdd19c926e8983fa9fed74863e9499fed0e4fc0ed6df.exe	29
PID 1868 wrote to memory of 2576	1868	bd3d34ab1a33a8b3dc41bdd19c926e8983fa9fed74863e9499fed0e4fc0ed6df.exe	29
PID 1868 wrote to memory of 2576	1868	bd3d34ab1a33a8b3dc41bdd19c926e8983fa9fed74863e9499fed0e4fc0ed6df.exe	29
PID 1868 wrote to memory of 2576	1868	bd3d34ab1a33a8b3dc41bdd19c926e8983fa9fed74863e9499fed0e4fc0ed6df.exe	29
PID 2576 wrote to memory of 2128	2576	cmd.exe	30
PID 2576 wrote to memory of 2128	2576	cmd.exe	30
PID 2576 wrote to memory of 2128	2576	cmd.exe	30
PID 2576 wrote to memory of 2128	2576	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\bd3d34ab1a33a8b3dc41bdd19c926e8983fa9fed74863e9499fed0e4fc0ed6df.exe
"C:\Users\Admin\AppData\Local\Temp\bd3d34ab1a33a8b3dc41bdd19c926e8983fa9fed74863e9499fed0e4fc0ed6df.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2128

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bc26e98c72cbdbb603c2da313eca9a96

SHA1
5dec61cb7e250ccf7f914741caea541a0fba9b5b

SHA256
98c2a360fcd98f2405a727f827fb8660220f8186ad2bbfeb0ecf8cf0ccd5a03f

SHA512
440473e3a6646b94a03ff5cb6704c7dd349bcdc6995e23e280e145135936d4af55453dd2cf8793b5b17f9c0719c25bc4b53011586f2b53f8ee37f141fda50b9f

Download Submit
memory/1868-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2128-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download