ab96831de06890545a6aecf3a2a5763f9ad8e4416064e27cf818d35ce2f0df76

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 23:33

Target

ab96831de06890545a6aecf3a2a5763f9ad8e4416064e27cf818d35ce2f0df76.exe
Size

79KB
MD5

65859d66b79d49884f1ae0ea07da5cf6
SHA1

978448a2587f4afdfbcb2faa2aec3cadf3006419
SHA256

ab96831de06890545a6aecf3a2a5763f9ad8e4416064e27cf818d35ce2f0df76
SHA512

5cb511bfecc0a0139ed0b3c7fe29075d6c45af32903f0104f2779b7b14adf575eb47b9c50f824f880e8a1d0832a47ae4d8591c75bf0eb95fa0fab3e4fe4984e2
SSDEEP

1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5yyB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMyyN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3024	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3020	cmd.exe
3020	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 3020	2924	ab96831de06890545a6aecf3a2a5763f9ad8e4416064e27cf818d35ce2f0df76.exe	29
PID 2924 wrote to memory of 3020	2924	ab96831de06890545a6aecf3a2a5763f9ad8e4416064e27cf818d35ce2f0df76.exe	29
PID 2924 wrote to memory of 3020	2924	ab96831de06890545a6aecf3a2a5763f9ad8e4416064e27cf818d35ce2f0df76.exe	29
PID 2924 wrote to memory of 3020	2924	ab96831de06890545a6aecf3a2a5763f9ad8e4416064e27cf818d35ce2f0df76.exe	29
PID 3020 wrote to memory of 3024	3020	cmd.exe	30
PID 3020 wrote to memory of 3024	3020	cmd.exe	30
PID 3020 wrote to memory of 3024	3020	cmd.exe	30
PID 3020 wrote to memory of 3024	3020	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\ab96831de06890545a6aecf3a2a5763f9ad8e4416064e27cf818d35ce2f0df76.exe
"C:\Users\Admin\AppData\Local\Temp\ab96831de06890545a6aecf3a2a5763f9ad8e4416064e27cf818d35ce2f0df76.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3024

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bcdf2ed39cb2bc85cb1cbdaf1d788998

SHA1
f9dd754368db2c8e66009fb21533a6171cd185a7

SHA256
78639800e0b2fcb87000d2bd1c0c5d34df33581f8e49fb83257a0cddba583d61

SHA512
c793e14a28b131859f88a1db16257843edbc26093713b075cee7406cadf30f92af568a0dbc32b9c389a10739772a67b4a7f95ea9c9a7ebbd7828d16b3771eb25

Download Submit
memory/2924-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3024-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download