3aad65aeae8db073bea24368aceaa0c65da5aa57efeaf4e3f2fe8d50cd25535f

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 19:12

Target

3aad65aeae8db073bea24368aceaa0c65da5aa57efeaf4e3f2fe8d50cd25535f.exe
Size

79KB
MD5

26b4ccd1bd58e7dc4265c37b7c399234
SHA1

de42755285c1522376c6ba8037eaf4bf75ec4da8
SHA256

3aad65aeae8db073bea24368aceaa0c65da5aa57efeaf4e3f2fe8d50cd25535f
SHA512

584d0b340e33554804f7cb031ca8f63b3bc7c40c5859a2c8ecd8ab6a8a9de2acd51e7594763a9923b036fce2527a45258b6f423a920cc98dfe827f3d54ee0a30
SSDEEP

1536:zvPsOaxdf8Dw5Gj7OQA8AkqUhMb2nuy5wgIP0CSJ+5yMB8GMGlZ5G:zvUOmaw5LGdqU7uy5w9WMyMN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2976	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2600	cmd.exe
2600	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2600	2120	3aad65aeae8db073bea24368aceaa0c65da5aa57efeaf4e3f2fe8d50cd25535f.exe	29
PID 2120 wrote to memory of 2600	2120	3aad65aeae8db073bea24368aceaa0c65da5aa57efeaf4e3f2fe8d50cd25535f.exe	29
PID 2120 wrote to memory of 2600	2120	3aad65aeae8db073bea24368aceaa0c65da5aa57efeaf4e3f2fe8d50cd25535f.exe	29
PID 2120 wrote to memory of 2600	2120	3aad65aeae8db073bea24368aceaa0c65da5aa57efeaf4e3f2fe8d50cd25535f.exe	29
PID 2600 wrote to memory of 2976	2600	cmd.exe	30
PID 2600 wrote to memory of 2976	2600	cmd.exe	30
PID 2600 wrote to memory of 2976	2600	cmd.exe	30
PID 2600 wrote to memory of 2976	2600	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3aad65aeae8db073bea24368aceaa0c65da5aa57efeaf4e3f2fe8d50cd25535f.exe
"C:\Users\Admin\AppData\Local\Temp\3aad65aeae8db073bea24368aceaa0c65da5aa57efeaf4e3f2fe8d50cd25535f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2976

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
277ab92c15b7a2cdc4d4f17aa944ee41

SHA1
4a8895915a1f54fdddeee95ccf255106988b22e1

SHA256
224d2b27f786bf3afd4c4650fe5b05d6671f60280b6d6ca48cca051a81bacae9

SHA512
e00ef97b5010d22ed79d8ec78f7a233a36de1f2d7c40bee6dce8e3f7f57930519a0c789506760ba17ec82d5254ce6e1dc04eb66a9a9ac79ae14d5ae3d95af961

Download Submit
memory/2120-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2976-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download