20e5ec704506f403e1efe163f6f0a42364901698b3fc3949a191ee5f85dc3c26

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 18:15

Target

20e5ec704506f403e1efe163f6f0a42364901698b3fc3949a191ee5f85dc3c26.exe
Size

73KB
MD5

8009cfc449d117e70728180fbad88cc2
SHA1

c38c94f7deb6386bf4fb00834d5314ab30ca3777
SHA256

20e5ec704506f403e1efe163f6f0a42364901698b3fc3949a191ee5f85dc3c26
SHA512

0d8a529e679c6515ffeebbf21170a1781402086f0ab0870d309c74c19df47928bab27155b25514a2918e0cf45ab6f818bf554c996a9d033e1f8c126f70159969
SSDEEP

1536:hbWGg3rKnYK5QPqfhVWbdsmA+RjPFLC+e5hO0ZGUGf2g:h+bKnYNPqfcxA+HFshOOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2936	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2716	cmd.exe
2716	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2716	2228	20e5ec704506f403e1efe163f6f0a42364901698b3fc3949a191ee5f85dc3c26.exe	29
PID 2228 wrote to memory of 2716	2228	20e5ec704506f403e1efe163f6f0a42364901698b3fc3949a191ee5f85dc3c26.exe	29
PID 2228 wrote to memory of 2716	2228	20e5ec704506f403e1efe163f6f0a42364901698b3fc3949a191ee5f85dc3c26.exe	29
PID 2228 wrote to memory of 2716	2228	20e5ec704506f403e1efe163f6f0a42364901698b3fc3949a191ee5f85dc3c26.exe	29
PID 2716 wrote to memory of 2936	2716	cmd.exe	30
PID 2716 wrote to memory of 2936	2716	cmd.exe	30
PID 2716 wrote to memory of 2936	2716	cmd.exe	30
PID 2716 wrote to memory of 2936	2716	cmd.exe	30
PID 2936 wrote to memory of 2568	2936	[email protected]	31
PID 2936 wrote to memory of 2568	2936	[email protected]	31
PID 2936 wrote to memory of 2568	2936	[email protected]	31
PID 2936 wrote to memory of 2568	2936	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\20e5ec704506f403e1efe163f6f0a42364901698b3fc3949a191ee5f85dc3c26.exe
"C:\Users\Admin\AppData\Local\Temp\20e5ec704506f403e1efe163f6f0a42364901698b3fc3949a191ee5f85dc3c26.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2568

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
16621e175f93445d50abfc16d496e81b

SHA1
69934e8e0129bbd4fb55ea8f3616419ec5549589

SHA256
4232118a56e2a3102831a59fe38100ccd8dc7c01d26fa37b92bfe9d7c7e32116

SHA512
d052f0f3f9e700a3b7e21fbb21d246c5941da386967cb096b3d087df1e24d2540708d259f4f5a6f8425b9b600854d201aab5942dfe4f182753caed25e331cca1

Download Submit
memory/2228-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2936-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download