77b25e6138c3da3277e5fbeefe7bdf81fe75436d5149b71bf15de12ee3c85cb1

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 21:25

Target

77b25e6138c3da3277e5fbeefe7bdf81fe75436d5149b71bf15de12ee3c85cb1.exe
Size

79KB
MD5

84c37b2124956396f10af00eda02f265
SHA1

127aab138d06c3079bbb9fda84e01635095d1a2d
SHA256

77b25e6138c3da3277e5fbeefe7bdf81fe75436d5149b71bf15de12ee3c85cb1
SHA512

c06999c1d0dbc0aa9f7f90507371164b5fc28165aef9f7b47f561bfbdf0a5298d432c160147216195403dd5ae80d420f628239052fd1eb5fa932665a1b6da33b
SSDEEP

1536:zvx+XE87LOPOQA8AkqUhMb2nuy5wgIP0CSJ+5y8B8GMGlZ5G:zvxEE8vOmGdqU7uy5w9WMy8N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3064	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2964	cmd.exe
2964	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2964	2904	77b25e6138c3da3277e5fbeefe7bdf81fe75436d5149b71bf15de12ee3c85cb1.exe	29
PID 2904 wrote to memory of 2964	2904	77b25e6138c3da3277e5fbeefe7bdf81fe75436d5149b71bf15de12ee3c85cb1.exe	29
PID 2904 wrote to memory of 2964	2904	77b25e6138c3da3277e5fbeefe7bdf81fe75436d5149b71bf15de12ee3c85cb1.exe	29
PID 2904 wrote to memory of 2964	2904	77b25e6138c3da3277e5fbeefe7bdf81fe75436d5149b71bf15de12ee3c85cb1.exe	29
PID 2964 wrote to memory of 3064	2964	cmd.exe	30
PID 2964 wrote to memory of 3064	2964	cmd.exe	30
PID 2964 wrote to memory of 3064	2964	cmd.exe	30
PID 2964 wrote to memory of 3064	2964	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\77b25e6138c3da3277e5fbeefe7bdf81fe75436d5149b71bf15de12ee3c85cb1.exe
"C:\Users\Admin\AppData\Local\Temp\77b25e6138c3da3277e5fbeefe7bdf81fe75436d5149b71bf15de12ee3c85cb1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3064

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
738c97bb093183f337a64597ad941de4

SHA1
f3cc5295361335ff885e543b5525915fd9dd5b66

SHA256
c7536cc17b56cb4d9a08f7a1f23dd230b2cd9d9fb26a82e9175e634502ad3782

SHA512
e1278790365472c707fcccdfc5f11136367be3c7daad9ecf5c8e09bbf077aac7fde6ee161303818c0d7ad16afeb2a9ec36f616a3ded8629c7f5aac02264ad44d

Download Submit
memory/2904-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3064-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download