a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 22:05

Target

a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe
Size

79KB
MD5

01ca5daff1b4679bf21d8ffe1998e900
SHA1

eee501048a9cd78bf68bf109824ae025b9786d01
SHA256

a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869
SHA512

5c39ccd69d6af5d3242a85ca3ca5b1e600e7acfc1e2b455dd35254efbd8440c5a381b04b48a8c62d6dcdd5e08d359757050ce2d704c218ec3bd9391add18f077
SSDEEP

1536:zvNtttF470FN/OQA8AkqUhMb2nuy5wgIP0CSJ+5yD22B8GMGlZ5G:zvF470FgGdqU7uy5w9WMyD22N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1696	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1328	cmd.exe
1328	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 1328	1332	a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe	29
PID 1332 wrote to memory of 1328	1332	a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe	29
PID 1332 wrote to memory of 1328	1332	a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe	29
PID 1332 wrote to memory of 1328	1332	a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe	29
PID 1328 wrote to memory of 1696	1328	cmd.exe	30
PID 1328 wrote to memory of 1696	1328	cmd.exe	30
PID 1328 wrote to memory of 1696	1328	cmd.exe	30
PID 1328 wrote to memory of 1696	1328	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe
"C:\Users\Admin\AppData\Local\Temp\a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1328
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1696

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bb3364b04d07257b5bcd5d74d74bf1be

SHA1
f0f9644a2a067db75ab71f0d18df5f40af4b1854

SHA256
c694443dbf1e4d0a11f4ca9c1a720a5443ed340433925f5e0131e259c21b276d

SHA512
e336bc6d9437fa6a9a773529663026463733baa1563fd289e234769b9940590cd3e369e433143dcf7e45c358412cbd7e9fb67abfc3cdef491ced977ce9292b42

Download Submit
memory/1332-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1696-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download