5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 19:09

Target

5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe
Size

311KB
MD5

f25a34e1ecd53b5c1cba4cef277a5d8c
SHA1

7ee4f81523312de5953ccd08f7158b57219aabe3
SHA256

5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a
SHA512

8d4f3333476b821233b843974c56e6da1662f8b598c83c89cf13ae2659e1995c955b9cba26940e0e88f01f7cc4c473ff158fb0013f9ff946215e7cc4d393e035
SSDEEP

6144:Qe/w7ykvBSwLVCwbUcd4Y7g+aGE8w5WMB35bKh+aGE:hw2kJBTjw5W635

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2136	5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe

Loads dropped DLL 1 IoCs

pid	Process
2312	5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2312	5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2136	2312	5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe	29
PID 2312 wrote to memory of 2136	2312	5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe	29
PID 2312 wrote to memory of 2136	2312	5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe	29
PID 2312 wrote to memory of 2136	2312	5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe	29

C:\Users\Admin\AppData\Local\Temp\5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe
"C:\Users\Admin\AppData\Local\Temp\5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Temp\5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe
  C:\Users\Admin\AppData\Local\Temp\5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe
  2⤵
  - Executes dropped EXE
  PID:2136

\Users\Admin\AppData\Local\Temp\5e45b8f4203c182cec649da6a1b185c8c6899822433fbbd45d63c4883dbe533a.exe

Filesize
311KB

MD5
713c655b57efdc2d2dea7606453543d1

SHA1
e08b00613b30df2e4e92dd058148cc6a16ad9eec

SHA256
1f259bad46549aec4addb14b1945b8fb8e65cc7185861cccbea5d23656dbadc9

SHA512
bdce2064d266bd6efb19051ff828ef994c3653c9ae5433c1cc645dec491297146d4518966b1b6e68d5e6e42d17faf25ad0862a7555d9df1d5800c48b99245920

Download Submit
memory/2136-12-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2312-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2312-10-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download