f3d3f6fe45d02fe018653f33be0a3d77b840c6c011a566c203ddda516b275b2e

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 01:56

Target

f3d3f6fe45d02fe018653f33be0a3d77b840c6c011a566c203ddda516b275b2e.exe
Size

79KB
MD5

25933fe81578f9e42abc35cfc5f8631e
SHA1

1012f88af3d9a7b0bdbcc7aef9c66617d8d667df
SHA256

f3d3f6fe45d02fe018653f33be0a3d77b840c6c011a566c203ddda516b275b2e
SHA512

95ebb6c7a252a91296de55765b0d4c83914f0a6c13a67161b5ecc878cae03d2b554cea51b0661db67f725e2687ebfa81966b41686889f88577e233ba3e85e4ed
SSDEEP

1536:zvkUugKOznTotoDadOQA8AkqUhMb2nuy5wgIP0CSJ+5yUB8GMGlZ5G:zvJuVtfEGdqU7uy5w9WMyUN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2604	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2072	cmd.exe
2072	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2072	2296	f3d3f6fe45d02fe018653f33be0a3d77b840c6c011a566c203ddda516b275b2e.exe	29
PID 2296 wrote to memory of 2072	2296	f3d3f6fe45d02fe018653f33be0a3d77b840c6c011a566c203ddda516b275b2e.exe	29
PID 2296 wrote to memory of 2072	2296	f3d3f6fe45d02fe018653f33be0a3d77b840c6c011a566c203ddda516b275b2e.exe	29
PID 2296 wrote to memory of 2072	2296	f3d3f6fe45d02fe018653f33be0a3d77b840c6c011a566c203ddda516b275b2e.exe	29
PID 2072 wrote to memory of 2604	2072	cmd.exe	30
PID 2072 wrote to memory of 2604	2072	cmd.exe	30
PID 2072 wrote to memory of 2604	2072	cmd.exe	30
PID 2072 wrote to memory of 2604	2072	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\f3d3f6fe45d02fe018653f33be0a3d77b840c6c011a566c203ddda516b275b2e.exe
"C:\Users\Admin\AppData\Local\Temp\f3d3f6fe45d02fe018653f33be0a3d77b840c6c011a566c203ddda516b275b2e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2604

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
85f39d6a3efe0e30e3c88dfc4b5f47e8

SHA1
0536fa3ca56c5b9f0ef3d95e43fba7954cbf76e6

SHA256
d56235b60c4efc7c871bb569e21bd88d7e9e1392f90dc199ca4eb3e59bed023f

SHA512
a9cd8eb846c2841af34bcc7546d8ecff0b0178330f961953fd12798bf955e1a1ad24e2af1a690b00f16524fd2f14dbb68206ad2408bc186b27b547dc66791c2e

Download Submit
memory/2296-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2604-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download