7151d41a59b87f75867f5322cdb83c42b337a1b63d2080854c7c09e1e5b594c5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 05:04

Target

e0d64c95a9d8b6660776a09e37ac127d.exe
Size

36KB
MD5

e0d64c95a9d8b6660776a09e37ac127d
SHA1

e270d0ccc1ed606da10809e8127a9f0c9c609a79
SHA256

7151d41a59b87f75867f5322cdb83c42b337a1b63d2080854c7c09e1e5b594c5
SHA512

550e6f0251ef71fceb20a25882d2e53773c6d6fd515edd0ad063e211d54a60a4a17a6f06d28233fa24f905673d06fc1322d5197b80279caad94936a8a0af005b
SSDEEP

768:lXhIRoPEqY6T6C3I9zKr7OyMf3IpUg7miSAZJzZ4Za3khK:lhIRIHvTz4Ir7OyMf3awitZ+a3

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3032	cmd.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\dllcache\iexplorer.dll	e0d64c95a9d8b6660776a09e37ac127d.exe
File opened for modification	C:\Windows\SysWOW64\dllcache\iexplorer.dll	e0d64c95a9d8b6660776a09e37ac127d.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2752	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	28
PID 2972 wrote to memory of 2752	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	28
PID 2972 wrote to memory of 2752	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	28
PID 2972 wrote to memory of 2752	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	28
PID 2972 wrote to memory of 2752	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	28
PID 2972 wrote to memory of 2752	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	28
PID 2972 wrote to memory of 2752	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	28
PID 2972 wrote to memory of 3032	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	29
PID 2972 wrote to memory of 3032	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	29
PID 2972 wrote to memory of 3032	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	29
PID 2972 wrote to memory of 3032	2972	e0d64c95a9d8b6660776a09e37ac127d.exe	29

C:\Users\Admin\AppData\Local\Temp\e0d64c95a9d8b6660776a09e37ac127d.exe
"C:\Users\Admin\AppData\Local\Temp\e0d64c95a9d8b6660776a09e37ac127d.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /s C:\Windows\system32\dllcache\iexplorer.dll
  2⤵
  PID:2752
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\delete.bat C:\Users\Admin\AppData\Local\Temp\e0d64c95a9d8b6660776a09e37ac127d.exe C:\Users\Admin\AppData\Local\Temp\delete.bat
  2⤵
  - Deletes itself
  PID:3032

C:\Users\Admin\AppData\Local\Temp\delete.bat

Filesize
105B

MD5
baa7e02670be801bbc88053906cd3cfd

SHA1
77e6ba7c88e537d4a429d158b32556b029992061

SHA256
ed9ca56eb043077229e56d79dc1f6863037607bf7eb10a368af8c0aea5680da2

SHA512
c7692ca0f30bee7cfe8e937bc9cf0e329d666e5fae844df693121f2678c224a85016eaf7a19e22ebbdf3b14e88bb1d7f1b86e944afdb2fd52cab7ad8aed2303f

Download Submit
memory/2972-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2972-0-0x0000000000510000-0x000000000051B000-memory.dmp

Filesize
44KB

Download