ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 02:19

Target

ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe
Size

79KB
MD5

203639d3e32b02411021912a97472834
SHA1

bdd7867ccea56af4bb09ac084724c69ad76915d5
SHA256

ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe
SHA512

f53f566b1cfefbc53c1c7d51b7fecae33e4d680788ca63aa8933d60d00b21c4e1fd49fb9bf1f992b9b938673c51904d32d0c92c9a9ac1118b976b3ed24877e0e
SSDEEP

1536:zvKF4uRm+53CRfNducyOQA8AkqUhMb2nuy5wgIP0CSJ+5y5B8GMGlZ5G:zvNuAjGdqU7uy5w9WMy5N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3044	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2096	cmd.exe
2096	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2096	2008	ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe	29
PID 2008 wrote to memory of 2096	2008	ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe	29
PID 2008 wrote to memory of 2096	2008	ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe	29
PID 2008 wrote to memory of 2096	2008	ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe	29
PID 2096 wrote to memory of 3044	2096	cmd.exe	30
PID 2096 wrote to memory of 3044	2096	cmd.exe	30
PID 2096 wrote to memory of 3044	2096	cmd.exe	30
PID 2096 wrote to memory of 3044	2096	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe
"C:\Users\Admin\AppData\Local\Temp\ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3044

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ff940ec83356b5b039240a9452344a13

SHA1
3d3728da745091477bc3eda208684d496a5f9424

SHA256
1661aa37abb31cf9bfc52f99819955e14fe88f711f0159731d29830cd079ce2b

SHA512
60dd0cbed544bce16034b6ff36b30fe0bf953666201cf2d505b392b0d02672797f8344a3234821c2bbdc3b732b9a80e9455d8dfd8c794471d2e19dbb70f651e1

Download Submit
memory/2008-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3044-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download