b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 09:02

Target

b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe
Size

190KB
MD5

d5ec6a19366826da29f0f1adf2f92a22
SHA1

ba64824ef36079a4344e065f8c27b80ab5afc9bf
SHA256

b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe
SHA512

13b8b2e0236725e98fd672f1802ed0e098fb52aa340d1984b95126199d847a6961d8fe7e1da05abd888fcd7902dff33103cd9d768e7c038629efb69494862a07
SSDEEP

3072:8DqhDzP9P/4qghV0SlOK10xnSQg6OLQ0cOfjaSsIAKMYIw9VTGIff2LLexnUW9qL:8+hDZ/Hgb04/yxSQh+fjTAKM3w9V5f8P

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2020	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe

Executes dropped EXE 1 IoCs

pid	Process
2020	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe

Loads dropped DLL 1 IoCs

pid	Process
1636	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2020	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1636	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2020	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2020	1636	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe	28
PID 1636 wrote to memory of 2020	1636	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe	28
PID 1636 wrote to memory of 2020	1636	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe	28
PID 1636 wrote to memory of 2020	1636	b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe	28

\Users\Admin\AppData\Local\Temp\b46b477516b5d8ffbd81663d3ffd8b6bf5db6b03bbf16d56f3bdc57eb7af9cbe.exe

Filesize
190KB

MD5
1baa172aeaa488f8cbf133045499201b

SHA1
7cf9cd1fb3059ad1b193d799df8e9850dfddf03e

SHA256
fba6692650b9bd44fc185457f70387f5bcfb6fcbd448aad23d2b8b6decb0151c

SHA512
33e0a3c255efc88c765efdb9624671f9f3b055df292b6a60a7b5a54ebb0f023ae2255ca60214ef9b464b8c1f0a835e22e30e1c633f2d7ef54ee3c6aae2310b11

Download Submit
memory/1636-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1636-9-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1636-6-0x0000000000130000-0x000000000016A000-memory.dmp

Filesize
232KB

Download
memory/2020-11-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2020-12-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2020-14-0x0000000000130000-0x000000000016A000-memory.dmp

Filesize
232KB

Download
memory/2020-18-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download