79f31669c26836b42f858f917a96c68afaf1dc14c9bb3f04dceb2292e273bcdf

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 19:51

Target

d6fa4a21032553f744d9221b71cf6aa8.exe
Size

93KB
MD5

d6fa4a21032553f744d9221b71cf6aa8
SHA1

7ca9e0aa623da3037d6b2dd6fb56f700ab107abf
SHA256

79f31669c26836b42f858f917a96c68afaf1dc14c9bb3f04dceb2292e273bcdf
SHA512

0a1f1cf4d2ce7e6afffc94571076ab015c421b327852b75e44d4c45cb14e61da5abe5bf3500806f3d70dcfaab061d3376b761d571ab0883ab82503282573f2c6
SSDEEP

1536:bWqH1s7Tc//////ZaFDFpLaSLYicSJyoJhxUgv66JGSSAO9uD3g:B1KTc//////ZI4SLYYAmiK66oSar

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2508	ALT+X AutoFire.exe

Loads dropped DLL 2 IoCs

pid	Process
1908	cmd.exe
1908	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1908	2204	d6fa4a21032553f744d9221b71cf6aa8.exe	28
PID 2204 wrote to memory of 1908	2204	d6fa4a21032553f744d9221b71cf6aa8.exe	28
PID 2204 wrote to memory of 1908	2204	d6fa4a21032553f744d9221b71cf6aa8.exe	28
PID 2204 wrote to memory of 1908	2204	d6fa4a21032553f744d9221b71cf6aa8.exe	28
PID 1908 wrote to memory of 2508	1908	cmd.exe	30
PID 1908 wrote to memory of 2508	1908	cmd.exe	30
PID 1908 wrote to memory of 2508	1908	cmd.exe	30
PID 1908 wrote to memory of 2508	1908	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\d6fa4a21032553f744d9221b71cf6aa8.exe
"C:\Users\Admin\AppData\Local\Temp\d6fa4a21032553f744d9221b71cf6aa8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\\ALT+X AutoFire.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1908
- - C:\Users\Admin\AppData\Local\Temp\ALT+X AutoFire.exe
    "C:\Users\Admin\AppData\Local\Temp\\ALT+X AutoFire.exe"
    3⤵
    - Executes dropped EXE
    PID:2508

C:\Users\Admin\AppData\Local\Temp\ALT+X AutoFire.exe

Filesize
46KB

MD5
357f0ff00660b431f4bf027154384af2

SHA1
c46ea9fbf928d0107c53a0c711623f38fa84fffe

SHA256
a5bdd544ce3f29b7f18240590acffde9ea5400ea4beb47469fead9b3b9a3bdfd

SHA512
e2317c83a9e209f278ea6e3a3a8fc8895e33738436c8b9155c7f1779884618d179b75fa7feab6a5ad830d5d6cf9c8ea59e8995dc6fce7b3227f545d2d8ab1a50

Download Submit
memory/2204-1-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2508-6-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download