78f892154c7262fd91b92b479dbce55db921eae8636049031a0cf2f81d8d3bc5

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 14:55

Target

d665736ff7ebcdd64d333267ba4b09e3.exe
Size

919KB
MD5

d665736ff7ebcdd64d333267ba4b09e3
SHA1

761f1919dfcccca4b589fdfffcf787cb77111934
SHA256

78f892154c7262fd91b92b479dbce55db921eae8636049031a0cf2f81d8d3bc5
SHA512

99d3e1697b6e2b91caa69d308aec4928568d28f78c33506a61bd6b0f0a448656132987528daf9cb292009c7b4166ca0c53235bb75c4effbf55493f027769d638
SSDEEP

24576:qKeyxTAJj7P+yjUr78DpyW6BdUxDAMZvFbcprx/Uz8X:qKeyRA0yQP8DpyW6Yxbhcrx/Uz8

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2136	mhj.exe

Loads dropped DLL 1 IoCs

pid	Process
2884	d665736ff7ebcdd64d333267ba4b09e3.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\qskf\mhj.exe	d665736ff7ebcdd64d333267ba4b09e3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2136	2884	d665736ff7ebcdd64d333267ba4b09e3.exe	28
PID 2884 wrote to memory of 2136	2884	d665736ff7ebcdd64d333267ba4b09e3.exe	28
PID 2884 wrote to memory of 2136	2884	d665736ff7ebcdd64d333267ba4b09e3.exe	28
PID 2884 wrote to memory of 2136	2884	d665736ff7ebcdd64d333267ba4b09e3.exe	28

C:\Users\Admin\AppData\Local\Temp\d665736ff7ebcdd64d333267ba4b09e3.exe
"C:\Users\Admin\AppData\Local\Temp\d665736ff7ebcdd64d333267ba4b09e3.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files (x86)\qskf\mhj.exe
  "C:\Program Files (x86)\qskf\mhj.exe"
  2⤵
  - Executes dropped EXE
  PID:2136

C:\Program Files (x86)\qskf\mhj.exe

Filesize
930KB

MD5
4deaa90be28561a8b51924c62bcb2765

SHA1
fb129a9c654fefecb7c8e691f742c25a76b59966

SHA256
150141b5d1364fdc5b5ea1deede9527f007935cf43f20400407995947619c216

SHA512
624b3bf256dab5cc3ddf0c6ddde6e83825842823f2ae45352c8ee02684abbd25ab62bbb31d5b6180de4423212edf81960a4a91606837e8fecfd526c512cd810d

Download Submit
\Program Files (x86)\qskf\mhj.exe

Filesize
55KB

MD5
108c113bf825187427a1f4b2ca226a0a

SHA1
07edd9fdc3916c32b61e9416f3ae0e9ee0cfb7b4

SHA256
2d401b0bcb9a91b0551c770601d45deaa0736cffc67d2c71f402fa2aeb78d223

SHA512
3b7eeca3c40da89bbc70aac2f51f31fe572c37a8c8f211c31a25788fdf91e0da78e1fa35ada4511946b56efbcd996ce1f1107429f43e80fc70b3a9e05593fa74

Download Submit
memory/2136-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2136-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2884-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2884-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2884-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2884-6-0x0000000000340000-0x00000000003D4000-memory.dmp

Filesize
592KB

Download