9a156b574a7328d4a0d89024a5d48a6277561a633d6682e92dca466e23b525b2

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 22:11

Target

9a156b574a7328d4a0d89024a5d48a6277561a633d6682e92dca466e23b525b2.exe
Size

79KB
MD5

793b403837ebd722f55c6de305aa3c58
SHA1

0cc90b5bc492f9a06cc661e6b90b0f4655309462
SHA256

9a156b574a7328d4a0d89024a5d48a6277561a633d6682e92dca466e23b525b2
SHA512

73fc8c881ab1105abc8fade1e0c4b4ed162db363a3fca606867c7d7709c1370fa3caac450d6cb00f37792739f5b98f452c275bf7a7cd40af7f86d295b01697c1
SSDEEP

1536:zvm5Om0rld8Ms1FAOgSmOQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zvm5OTld8r1QSjGdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2404	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2016	cmd.exe
2016	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2016	2752	9a156b574a7328d4a0d89024a5d48a6277561a633d6682e92dca466e23b525b2.exe	29
PID 2752 wrote to memory of 2016	2752	9a156b574a7328d4a0d89024a5d48a6277561a633d6682e92dca466e23b525b2.exe	29
PID 2752 wrote to memory of 2016	2752	9a156b574a7328d4a0d89024a5d48a6277561a633d6682e92dca466e23b525b2.exe	29
PID 2752 wrote to memory of 2016	2752	9a156b574a7328d4a0d89024a5d48a6277561a633d6682e92dca466e23b525b2.exe	29
PID 2016 wrote to memory of 2404	2016	cmd.exe	30
PID 2016 wrote to memory of 2404	2016	cmd.exe	30
PID 2016 wrote to memory of 2404	2016	cmd.exe	30
PID 2016 wrote to memory of 2404	2016	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\9a156b574a7328d4a0d89024a5d48a6277561a633d6682e92dca466e23b525b2.exe
"C:\Users\Admin\AppData\Local\Temp\9a156b574a7328d4a0d89024a5d48a6277561a633d6682e92dca466e23b525b2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2404

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
63777f901234c109a2c55de6030d2ffd

SHA1
2b08f8a44a4fd1163924fa205a5f0d136a39f637

SHA256
eaf14ce7be2c4556d9c19ae71e201d4006ac4ffc47b09ffae984fef111d163fa

SHA512
706bcd8ff7dd1714fff4896dacedacad0912398bc75745bad654d2e1d931d68df6316cfc5daa4627fd01c876bbbae953db8857ffcb6fbbf0e7bbe4a1659400e8

Download Submit
memory/2404-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2752-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download