48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 20:07

Target

48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe
Size

220KB
MD5

5dbe3c2f7d155eb508de1a5e65361588
SHA1

eb9f0e8081385f3ecf962421968f8c737131b1ad
SHA256

48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c
SHA512

cbeffe694eb632aa07100468632c55b9c7b51976124e3b01d7b2c26e320632d146c50b80782ffa91a436e3da1681dad4f21dd05da8eff28eff2e067d18d632f5
SSDEEP

3072:wZGb1+adM+Bl7g1VjUa0uN+NKvHu8bvjmfyabPdAtoOQyaw9nDTwK+fxVOiwB:wwh+aGE8hUa0uNVz7mfNPc1T9nHw/VC

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2504	48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe

Executes dropped EXE 1 IoCs

pid	Process
2504	48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe

Loads dropped DLL 1 IoCs

pid	Process
2352	48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2352	48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2504	48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2504	2352	48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe	29
PID 2352 wrote to memory of 2504	2352	48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe	29
PID 2352 wrote to memory of 2504	2352	48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe	29
PID 2352 wrote to memory of 2504	2352	48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe	29

\Users\Admin\AppData\Local\Temp\48f560dae2bdd498282bebf0d9f63a9c0a699467b13892ab789aefdd6c00473c.exe

Filesize
220KB

MD5
fdd94667de4ceb4dbb4ddbc104b49adf

SHA1
3863039787d958739a1933d75df19f46ed75a967

SHA256
2284b73fd2f2199dd9f6f1a74b42c2524b95abb099955f9f8a6f84bca4736282

SHA512
9f798a6a0eeb32c07a2c7d3d6728a8630e24f3b07cac95a93b9f0f0bf8296889e555a3f16d0eaadacf460a2f2776887ffbfa44678de3b6ede629f3372a56e5f7

Download Submit
memory/2352-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2352-6-0x0000000000130000-0x0000000000167000-memory.dmp

Filesize
220KB

Download
memory/2352-9-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2504-11-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2504-12-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2504-17-0x0000000000130000-0x0000000000167000-memory.dmp

Filesize
220KB

Download