3526c74a22a6a7ff285bddc4a055d22e443bd2d9ceb47aa7bc20240256084787

Analysis

max time kernel
61s
max time network
19s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 13:44

Target

dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea.exe
Size

112KB
MD5

c835d22fdb3c6981ce4b103bddf5e992
SHA1

f33af47012692e3cd18b0224e78637325113772e
SHA256

dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea
SHA512

a66405cb2ed2c4fb211d95e216aebf894c88bfee461484bb3d4f846ee0e0aedaa8e92aed5b19fc05d52653e60f148fc49a911c9381a5555a8237e277d88f7b4e
SSDEEP

3072:lqkp02Jksl00uL14yNYRDJWN9udpsL04lwT8:82Y0u6yNY23+c3CQ

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2816	snahost.exe

Loads dropped DLL 6 IoCs

pid	Process
2320	dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea.exe
2320	dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2416	2816	WerFault.exe	28

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2816	2320	dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea.exe	28
PID 2320 wrote to memory of 2816	2320	dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea.exe	28
PID 2320 wrote to memory of 2816	2320	dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea.exe	28
PID 2320 wrote to memory of 2816	2320	dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea.exe	28
PID 2816 wrote to memory of 2416	2816	snahost.exe	31
PID 2816 wrote to memory of 2416	2816	snahost.exe	31
PID 2816 wrote to memory of 2416	2816	snahost.exe	31
PID 2816 wrote to memory of 2416	2816	snahost.exe	31

C:\Users\Admin\AppData\Local\Temp\aaaaa.txt

Filesize
102B

MD5
b4a93927e11bb33ce25ef2641df36a51

SHA1
cf7747a8d5a61a11b1bff55d1964d2f8fde858d9

SHA256
6903b9b6b87919e72b2a77453598c8c88070350e910c66b401ac0a983d923297

SHA512
9a4c975028909e7371969306b9bc4d9eacbd8a479b9540da4dac1f98ca642271d6e23c28cc65dc572a882c5e191b54217335b6de58663927639de0e870fe8cc5

Download Submit
\Users\Admin\AppData\Local\Temp\snahost.exe

Filesize
112KB

MD5
c835d22fdb3c6981ce4b103bddf5e992

SHA1
f33af47012692e3cd18b0224e78637325113772e

SHA256
dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea

SHA512
a66405cb2ed2c4fb211d95e216aebf894c88bfee461484bb3d4f846ee0e0aedaa8e92aed5b19fc05d52653e60f148fc49a911c9381a5555a8237e277d88f7b4e

Download Submit