a6bb41cad03135c16693a0e45b80b6403727d3b7c068b1bc8a618ee0660bf92c

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 22:37

Target

a6bb41cad03135c16693a0e45b80b6403727d3b7c068b1bc8a618ee0660bf92c.exe
Size

79KB
MD5

bda57b1caae88b416e2fdb3a160d17ab
SHA1

c5bbee93a12f0f3c6bba6495aa0bf82e530f9d77
SHA256

a6bb41cad03135c16693a0e45b80b6403727d3b7c068b1bc8a618ee0660bf92c
SHA512

6c101eca1c383233ddfc0cdd775b6c6a3a34b67d9e8b125f63be7a6ec3d78ba805ef6f33e9bd42d7e57137b1b4547710bb625d1c9b92101a59f39df632640bf4
SSDEEP

1536:zvJRAT+S0kaNVu9TOQA8AkqUhMb2nuy5wgIP0CSJ+5ymAB8GMGlZ5G:zvJR6Z0FNVuUGdqU7uy5w9WMy9N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1072	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2276	cmd.exe
2276	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2276	2240	a6bb41cad03135c16693a0e45b80b6403727d3b7c068b1bc8a618ee0660bf92c.exe	29
PID 2240 wrote to memory of 2276	2240	a6bb41cad03135c16693a0e45b80b6403727d3b7c068b1bc8a618ee0660bf92c.exe	29
PID 2240 wrote to memory of 2276	2240	a6bb41cad03135c16693a0e45b80b6403727d3b7c068b1bc8a618ee0660bf92c.exe	29
PID 2240 wrote to memory of 2276	2240	a6bb41cad03135c16693a0e45b80b6403727d3b7c068b1bc8a618ee0660bf92c.exe	29
PID 2276 wrote to memory of 1072	2276	cmd.exe	30
PID 2276 wrote to memory of 1072	2276	cmd.exe	30
PID 2276 wrote to memory of 1072	2276	cmd.exe	30
PID 2276 wrote to memory of 1072	2276	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\a6bb41cad03135c16693a0e45b80b6403727d3b7c068b1bc8a618ee0660bf92c.exe
"C:\Users\Admin\AppData\Local\Temp\a6bb41cad03135c16693a0e45b80b6403727d3b7c068b1bc8a618ee0660bf92c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1072

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fbd5f9a76da1ae84fb8307d9d63ea677

SHA1
4b8a9903f7e2bfee05d27bb831571be17f4bb5d2

SHA256
920e74c4ebe5bd67e28b0e50f89b68de15443f8b96dadb67a0656e09dd748ea6

SHA512
13d6223c6e3736bba93920f2569b7dd05e24c2799aef9f7f70b0c95d0573dceaf8032148139ead7eaf52d50454ed5bc102f47bc79b713e697c478a7d2626dd20

Download Submit
memory/1072-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2240-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download