e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 01:00

Target

e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe
Size

79KB
MD5

26d050fcdda7a10c0b1a05ec965fea05
SHA1

6bef086fea3d86b145512903206f4cf27771ba92
SHA256

e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf
SHA512

f0daf7807bd19786e289710c2844a863cf758f244439e8922be0118a418ebc7cd56d7a978d17449625e71a94ac2dc8b7b9ba3f622bf6abb7e6b5f6e04ff2167e
SSDEEP

1536:zvFCi+hPMVazshHjic8OQA8AkqUhMb2nuy5wgIP0CSJ+5yvB8GMGlZ5G:zvFoh0ESDicJGdqU7uy5w9WMyvN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2888	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2604	cmd.exe
2604	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2604	1964	e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe	29
PID 1964 wrote to memory of 2604	1964	e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe	29
PID 1964 wrote to memory of 2604	1964	e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe	29
PID 1964 wrote to memory of 2604	1964	e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe	29
PID 2604 wrote to memory of 2888	2604	cmd.exe	30
PID 2604 wrote to memory of 2888	2604	cmd.exe	30
PID 2604 wrote to memory of 2888	2604	cmd.exe	30
PID 2604 wrote to memory of 2888	2604	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe
"C:\Users\Admin\AppData\Local\Temp\e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2888

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ecd1e6421c10f7818f514e252a0bb5e2

SHA1
93223fb7156f3d21c8eb1bb991cf7dd4226ad816

SHA256
f2074f2eed6b9f671816f0af71651b5136951de7329f4536f46364d0b78b9845

SHA512
fabbef6578196ba835f907193c8864267f9e0a49e5b21df1aae82547216f5492ddd0a94abb0982434c3bd138ba7c92f9bb00b2920a007eb8521b367c534e1960

Download Submit
memory/1964-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2888-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download