4077d6ef1746cca5411dc52507b5296077bac07368bb0e4aa529250d27cd8fe4

Analysis

max time kernel
119s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 19:32

Target

4077d6ef1746cca5411dc52507b5296077bac07368bb0e4aa529250d27cd8fe4.exe
Size

79KB
MD5

6d8c777a4965bff94b56eba2a35f6c3c
SHA1

7ab3bfc534e2d1b1406c48ae4bb60b4c721b9e3c
SHA256

4077d6ef1746cca5411dc52507b5296077bac07368bb0e4aa529250d27cd8fe4
SHA512

3ec0ee01b9c8c22e6c4233291dce108270b67c47d1c30207160a1b8927359038d9757ff1a0a2c29b1353a79d0a3af0258a83d32233271075fabc4b41042b0b07
SSDEEP

1536:zvvphnrLIXPSh4MOQA8AkqUhMb2nuy5wgIP0CSJ+5ypB8GMGlZ5G:zvvfXIXG45GdqU7uy5w9WMypN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2600	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2584	cmd.exe
2584	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2584	2952	4077d6ef1746cca5411dc52507b5296077bac07368bb0e4aa529250d27cd8fe4.exe	28
PID 2952 wrote to memory of 2584	2952	4077d6ef1746cca5411dc52507b5296077bac07368bb0e4aa529250d27cd8fe4.exe	28
PID 2952 wrote to memory of 2584	2952	4077d6ef1746cca5411dc52507b5296077bac07368bb0e4aa529250d27cd8fe4.exe	28
PID 2952 wrote to memory of 2584	2952	4077d6ef1746cca5411dc52507b5296077bac07368bb0e4aa529250d27cd8fe4.exe	28
PID 2584 wrote to memory of 2600	2584	cmd.exe	29
PID 2584 wrote to memory of 2600	2584	cmd.exe	29
PID 2584 wrote to memory of 2600	2584	cmd.exe	29
PID 2584 wrote to memory of 2600	2584	cmd.exe	29

C:\Users\Admin\AppData\Local\Temp\4077d6ef1746cca5411dc52507b5296077bac07368bb0e4aa529250d27cd8fe4.exe
"C:\Users\Admin\AppData\Local\Temp\4077d6ef1746cca5411dc52507b5296077bac07368bb0e4aa529250d27cd8fe4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2600

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8b966d012e161faed174f52c5d122b1c

SHA1
97dd75bdfd1c2d81db46383d88da8343cfed1cfe

SHA256
b3181352acb4282e4f744c19d04df52f1d7663fe8537b4820c87e6490b704497

SHA512
632cb8a7e43271d1fe2379b2cb6560e3e0e177772de95ab044abe0ce6f8c4532de769af1999b13e48ed1a059b68c8c79e14882f4bf32a0712bdfd61cc37d409a

Download Submit
memory/2600-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2952-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download