6354cf3776127a357c94ec93865786d1b2b36a702f9f669da47e060f766796de

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 20:50

Target

6354cf3776127a357c94ec93865786d1b2b36a702f9f669da47e060f766796de.exe
Size

79KB
MD5

03802c196e69ac85b01a51f3938fb0b9
SHA1

0974d515e2ce3c50f2b1d27b6310cf142b835834
SHA256

6354cf3776127a357c94ec93865786d1b2b36a702f9f669da47e060f766796de
SHA512

33ac6a882505cc159ad495904e0255308cfc58c801af9fe1b3d45bb3efb77985c044b54f1b544bbaf1a1d69b344576c4cb6c886a8ba173710b4da78c6972cb8d
SSDEEP

1536:zvuE77Aou+e+OQA8AkqUhMb2nuy5wgIP0CSJ+5ylB8GMGlZ5G:zvuE7c+MGdqU7uy5w9WMylN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2916	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2968	cmd.exe
2968	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 2968	1028	6354cf3776127a357c94ec93865786d1b2b36a702f9f669da47e060f766796de.exe	29
PID 1028 wrote to memory of 2968	1028	6354cf3776127a357c94ec93865786d1b2b36a702f9f669da47e060f766796de.exe	29
PID 1028 wrote to memory of 2968	1028	6354cf3776127a357c94ec93865786d1b2b36a702f9f669da47e060f766796de.exe	29
PID 1028 wrote to memory of 2968	1028	6354cf3776127a357c94ec93865786d1b2b36a702f9f669da47e060f766796de.exe	29
PID 2968 wrote to memory of 2916	2968	cmd.exe	30
PID 2968 wrote to memory of 2916	2968	cmd.exe	30
PID 2968 wrote to memory of 2916	2968	cmd.exe	30
PID 2968 wrote to memory of 2916	2968	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6354cf3776127a357c94ec93865786d1b2b36a702f9f669da47e060f766796de.exe
"C:\Users\Admin\AppData\Local\Temp\6354cf3776127a357c94ec93865786d1b2b36a702f9f669da47e060f766796de.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2916

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0b346e24e57925364e51728c491179ef

SHA1
36edb9f3b89745df4dec927386ca8021e1457e4c

SHA256
7dbca21fb22b8b081d2dda6c176d5d621144511915be2e8421f19aa1f7897d1d

SHA512
01d0c0fcba7a7a006b62538c1f7e502b3f71d43ecef9866392f5e2df80561e3b7712798a554f6655eb8449ce9f73f626a17d0e1d7cc02f5e7ea77ced94c5a88b

Download Submit
memory/1028-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2916-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download