b185ab92952e7e54384b06e9b45bdbe91591b6c4a7c74f67629ac2ede91176e5

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 06:23

Target

cab40f9a9e609c9f10637d6d205faa88.exe
Size

718KB
MD5

cab40f9a9e609c9f10637d6d205faa88
SHA1

3144c73c1ae7de0411c3d7415724d3725360f2e0
SHA256

b185ab92952e7e54384b06e9b45bdbe91591b6c4a7c74f67629ac2ede91176e5
SHA512

0ac7d13ea24dd42f412e3cdb7478cb26e1a278553293661e1b17d59f34a92a91c47e99235d297985ea3ec1750dc2e7f31edcf0235debb468acf1301acf74bef1
SSDEEP

12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJLDl164NkCadqvgnZ4zTOAOYSfieFXQCHE:7zXKqa8SEijjC+37li4daoInr1YSfi6k

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2136	ldbqixmatdasv.exe

Loads dropped DLL 1 IoCs

pid	Process
1724	cab40f9a9e609c9f10637d6d205faa88.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\yazdeuwt\ldbqixmatdasv.exe	cab40f9a9e609c9f10637d6d205faa88.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2136	1724	cab40f9a9e609c9f10637d6d205faa88.exe	28
PID 1724 wrote to memory of 2136	1724	cab40f9a9e609c9f10637d6d205faa88.exe	28
PID 1724 wrote to memory of 2136	1724	cab40f9a9e609c9f10637d6d205faa88.exe	28
PID 1724 wrote to memory of 2136	1724	cab40f9a9e609c9f10637d6d205faa88.exe	28

C:\Users\Admin\AppData\Local\Temp\cab40f9a9e609c9f10637d6d205faa88.exe
"C:\Users\Admin\AppData\Local\Temp\cab40f9a9e609c9f10637d6d205faa88.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\yazdeuwt\ldbqixmatdasv.exe
  "C:\Program Files (x86)\yazdeuwt\ldbqixmatdasv.exe"
  2⤵
  - Executes dropped EXE
  PID:2136

C:\Program Files (x86)\yazdeuwt\ldbqixmatdasv.exe

Filesize
512KB

MD5
2efb696ec7307345635f992fb4eee35d

SHA1
4f3b4627554ee94a659a76bae810880f00faadda

SHA256
46995118b53f8b1deaa5e8faf515731de031f2cf7480047f3cba496e697a3859

SHA512
ba4e69e45d8cbd98e4265113feb665304bbfd6b28348e4517febeec98580ee615f24919f1f0ae69bb8cb361f9171c6d23b186a8289a234306d55d4d70cb2c1ee

Download Submit
\Program Files (x86)\yazdeuwt\ldbqixmatdasv.exe

Filesize
737KB

MD5
fa57699100d028fca4c0d2a688201aeb

SHA1
bb3a0348073626386ca84f4a1a54032b3e4b93f2

SHA256
6d8263ae0f50fb6d4ce2596aaddab93874fdefb32c35ddc7e8e1001d67770929

SHA512
3295ae9813e43b051aca28a5657e14a717114d9ce77e2fc3ff62d48457660baae7ada449c2541fd53c4c0c12a9683452a7725bddda95c9ec8739382b44d321a4

Download Submit
memory/1724-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1724-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1724-5-0x0000000001CF0000-0x0000000001D84000-memory.dmp

Filesize
592KB

Download
memory/1724-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2136-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2136-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2136-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download