3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 18:06

Target

3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe
Size

79KB
MD5

81f2a430351344558ab96b8389e253bd
SHA1

0cab280ab7094da984800124ae5196ae6960f4c9
SHA256

3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111
SHA512

51e6b3f7e7d0ef805b70d352ea1200a98874f5560ee010a04203972c2625723a4a48ee10ce795a1a997bced7717b5485579296716a1097819636f2c749943aa4
SSDEEP

1536:zvuE77Aou+e+OQA8AkqUhMb2nuy5wgIP0CSJ+5yxB8GMGlZ5G:zvuE7c+MGdqU7uy5w9WMyxN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1224	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2124	cmd.exe
2124	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2124	3060	3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe	29
PID 3060 wrote to memory of 2124	3060	3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe	29
PID 3060 wrote to memory of 2124	3060	3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe	29
PID 3060 wrote to memory of 2124	3060	3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe	29
PID 2124 wrote to memory of 1224	2124	cmd.exe	30
PID 2124 wrote to memory of 1224	2124	cmd.exe	30
PID 2124 wrote to memory of 1224	2124	cmd.exe	30
PID 2124 wrote to memory of 1224	2124	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe
"C:\Users\Admin\AppData\Local\Temp\3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1224

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5448e4eb4db1e7564cd110e6b04c1e94

SHA1
81aa8d9cef9431bd022bcc54c13cc226060d0375

SHA256
2d48205b1ad3c08a16003b844814762e8da397ec6da087e6c83e11937e7a0a74

SHA512
6e007c186eb5ae9e41e4cb88ad9d75d6f413effbf96c3b7afec1ed3310658d4e2ff29f523235db2fb862a660b63ed5cdfd69b1bbb6e2f11f84d9dd825592e4de

Download Submit
memory/1224-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3060-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download