0afeb80fdc50b16947e7d1d87d0fa7fe5c8556ffacc20f7f9d867f748bcde32a

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-03-2024 17:44

Target

0afeb80fdc50b16947e7d1d87d0fa7fe5c8556ffacc20f7f9d867f748bcde32a.exe
Size

79KB
MD5

a450d8cbd85a45aa3dda0b683ceb4ddd
SHA1

6dc7681b5a8111b73f55fbd9347af6db53d7b299
SHA256

0afeb80fdc50b16947e7d1d87d0fa7fe5c8556ffacc20f7f9d867f748bcde32a
SHA512

3d340d490888d2118ea31f97e76fc042de37431338548b950437a6db3f96081c24139d9659a4679d73573108c773280537fe5a5feb5f95260c990c738dc91068
SSDEEP

1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5yUB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMyUN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2512	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2612	cmd.exe
2612	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2612	2968	0afeb80fdc50b16947e7d1d87d0fa7fe5c8556ffacc20f7f9d867f748bcde32a.exe	29
PID 2968 wrote to memory of 2612	2968	0afeb80fdc50b16947e7d1d87d0fa7fe5c8556ffacc20f7f9d867f748bcde32a.exe	29
PID 2968 wrote to memory of 2612	2968	0afeb80fdc50b16947e7d1d87d0fa7fe5c8556ffacc20f7f9d867f748bcde32a.exe	29
PID 2968 wrote to memory of 2612	2968	0afeb80fdc50b16947e7d1d87d0fa7fe5c8556ffacc20f7f9d867f748bcde32a.exe	29
PID 2612 wrote to memory of 2512	2612	cmd.exe	30
PID 2612 wrote to memory of 2512	2612	cmd.exe	30
PID 2612 wrote to memory of 2512	2612	cmd.exe	30
PID 2612 wrote to memory of 2512	2612	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0afeb80fdc50b16947e7d1d87d0fa7fe5c8556ffacc20f7f9d867f748bcde32a.exe
"C:\Users\Admin\AppData\Local\Temp\0afeb80fdc50b16947e7d1d87d0fa7fe5c8556ffacc20f7f9d867f748bcde32a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2512

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2fb7f8cb0c6be213f39be2c49e63ae79

SHA1
7a7e911c4a0dbbe17edd02f44ad6634c08243c8f

SHA256
3f493c5dd07a67a9ec52ca86e00def736c61638b2258413698fede2911ed4869

SHA512
cc6be0f4feaefba5a4f91d5c5f01cd267865e9c1b910387dc1e26b22b2802f6aa2621546950493268a706df58c4c42a7a6db784c97ea4b78ea23fd73b9d9a772

Download Submit
memory/2512-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2968-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download