e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 00:54

Target

e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe
Size

79KB
MD5

dad2459a60d91b62b4b14c5b0c442376
SHA1

5619a24a82dcd963964214db05d7a590b6c45510
SHA256

e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef
SHA512

cca1952c9be72bfb543b11854ef875b9fd3d301bba4f19f0b238f8350f2789da5ee1adb8237b6896f2a4e3b782142c61ea8383663ecabe94dbd138c7b720d5e3
SSDEEP

1536:zvlrnEoGXoOQA8AkqUhMb2nuy5wgIP0CSJ+5ysB8GMGlZ5G:zvlrEoGXtGdqU7uy5w9WMysN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1664	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2096	cmd.exe
2096	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2096	1724	e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe	29
PID 1724 wrote to memory of 2096	1724	e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe	29
PID 1724 wrote to memory of 2096	1724	e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe	29
PID 1724 wrote to memory of 2096	1724	e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe	29
PID 2096 wrote to memory of 1664	2096	cmd.exe	30
PID 2096 wrote to memory of 1664	2096	cmd.exe	30
PID 2096 wrote to memory of 1664	2096	cmd.exe	30
PID 2096 wrote to memory of 1664	2096	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe
"C:\Users\Admin\AppData\Local\Temp\e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1664

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4f4fb03e102f2bc448ba24cef4ed9ed7

SHA1
d8b37c226b8de0da0d40f36a6ab6ef979c363c16

SHA256
4d7f7eaa2df931f3a5a12e64e0191cf93ea1ddfb987a679a75968acdfb68b5c0

SHA512
0f4de36fbac9d7dccb3d187e22e927bd49844f858795b71066349f301cdaadcb8a4331dfe721842511613561aa6702b1caef8cfffb386d886580fccb625f81f7

Download Submit
memory/1664-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1724-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download