c33cb022e1c8762d3152e4d65150d7639be6e365e2ed2f100bc779c55f02dc91

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 00:37

Target

ca0a8ae7371de2711f63ea1ee28e48bb.exe
Size

433KB
MD5

ca0a8ae7371de2711f63ea1ee28e48bb
SHA1

c1010adf2881666b1db1d31f92e3a62ae2d7f5b4
SHA256

c33cb022e1c8762d3152e4d65150d7639be6e365e2ed2f100bc779c55f02dc91
SHA512

865aaa7fa0cfc083ab2e508437a761024f7f23db6ca32fe2695a1933a3a84dccf62ce18cc3c2d73d71033687ccd5ea30afdc7911c6daa6ed584b150212531299
SSDEEP

6144:MTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh36rSLL64j7W4SPHREa0KmmnahTBhY:MLry/neyx7f/A64j7PSfREK69hY

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3068	cfvl.exe

Loads dropped DLL 1 IoCs

pid	Process
2296	ca0a8ae7371de2711f63ea1ee28e48bb.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wazypssp\cfvl.exe	ca0a8ae7371de2711f63ea1ee28e48bb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 3068	2296	ca0a8ae7371de2711f63ea1ee28e48bb.exe	28
PID 2296 wrote to memory of 3068	2296	ca0a8ae7371de2711f63ea1ee28e48bb.exe	28
PID 2296 wrote to memory of 3068	2296	ca0a8ae7371de2711f63ea1ee28e48bb.exe	28
PID 2296 wrote to memory of 3068	2296	ca0a8ae7371de2711f63ea1ee28e48bb.exe	28

C:\Users\Admin\AppData\Local\Temp\ca0a8ae7371de2711f63ea1ee28e48bb.exe
"C:\Users\Admin\AppData\Local\Temp\ca0a8ae7371de2711f63ea1ee28e48bb.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files (x86)\wazypssp\cfvl.exe
  "C:\Program Files (x86)\wazypssp\cfvl.exe"
  2⤵
  - Executes dropped EXE
  PID:3068

\Program Files (x86)\wazypssp\cfvl.exe

Filesize
446KB

MD5
763d012c38db69760c38e6cdba134722

SHA1
089db1e2cdbe4ec07059347c29cf145c3db30a4c

SHA256
d0c0d2de7a8a60e46f5564bb756f4f6a4eb1472fbf45c7ce7164ae643f704a3f

SHA512
798249defe1a140c0d1fc39245ba51f377ee63a776c15b688fc057c0f1b17db97becec797f8b5f0953e58d74d32e8358de7486e36d3c48092378b6753c8764da

Download Submit
memory/2296-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2296-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2296-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3068-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3068-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download