78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 21:41

Target

78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe
Size

73KB
MD5

087034c72e78bf8713ed833d408781fc
SHA1

eaa037b11bb20f85e8fc808da00c23fa98da3490
SHA256

78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02
SHA512

ee9ffc50a1f909fe803483907f08aa78f31b53e696d6e7828831ab0cec7ec2c90da36e3e93a3fb663ba83a0ead7fdf235e01cedd68986148e2992a17d14041e3
SSDEEP

1536:hb43rAq3XzfK5QPqfhVWbdsmA+RjPFLC+e5hH0ZGUGf2g:hczHzNPqfcxA+HFshHOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2476	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2456	cmd.exe
2456	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2456	2280	78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe	28
PID 2280 wrote to memory of 2456	2280	78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe	28
PID 2280 wrote to memory of 2456	2280	78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe	28
PID 2280 wrote to memory of 2456	2280	78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe	28
PID 2456 wrote to memory of 2476	2456	cmd.exe	29
PID 2456 wrote to memory of 2476	2456	cmd.exe	29
PID 2456 wrote to memory of 2476	2456	cmd.exe	29
PID 2456 wrote to memory of 2476	2456	cmd.exe	29
PID 2476 wrote to memory of 2700	2476	[email protected]	30
PID 2476 wrote to memory of 2700	2476	[email protected]	30
PID 2476 wrote to memory of 2700	2476	[email protected]	30
PID 2476 wrote to memory of 2700	2476	[email protected]	30

C:\Users\Admin\AppData\Local\Temp\78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe
"C:\Users\Admin\AppData\Local\Temp\78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 16256.exe
      4⤵
      PID:2700

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
91addcf40a1393b0dc862721e3134b6c

SHA1
39666e448aac64900113621efd40f20877e62019

SHA256
90e15e4bb41cadd3e691dabc2ac610573884dbc0ea1525ae4789f6da44474764

SHA512
f4c948bc12ae9760f2e6a047da5cca091f89a508500cd7cffe3ee716dd6a130bb171ea54f344e704c6f7a2470a65bcd3939356c2b5cee5f97deb7db1c3d04d9f

Download Submit
memory/2280-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2476-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download