bea35dfc4b1202c07ba712822e10f69de68c84ee535f376bf7e31601661d668a

Analysis

max time kernel
303s
max time network
321s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/04/2024, 17:38

Target

remote.exe
Size

109.6MB
MD5

9ed2ecc69a8d28180ea9b09aca9cc52c
SHA1

a76ae731b77c851b570a495d5ef4038642786831
SHA256

bea35dfc4b1202c07ba712822e10f69de68c84ee535f376bf7e31601661d668a
SHA512

9c389cf86da4c2b304d9f3a964107a3d9e4999735e3d6b8c004ca986858f91a9213851ed855c6bec5f7b5c539afef74694e6f32c5b51f63f357ace538b4bdfaa
SSDEEP

1572864:LOwVocpvoNevC2BbuJHGO4sD6592vTvIPQssYZ9Dct8B6MCuTWIZpumprpbsyeqw:FX9otcbuJDc2QYssYr+q6M5Tzl4eWV

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1048	remote.tmp

Loads dropped DLL 1 IoCs

pid	Process
2012	remote.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1048	2012	remote.exe	28
PID 2012 wrote to memory of 1048	2012	remote.exe	28
PID 2012 wrote to memory of 1048	2012	remote.exe	28
PID 2012 wrote to memory of 1048	2012	remote.exe	28
PID 2012 wrote to memory of 1048	2012	remote.exe	28
PID 2012 wrote to memory of 1048	2012	remote.exe	28
PID 2012 wrote to memory of 1048	2012	remote.exe	28

C:\Users\Admin\AppData\Local\Temp\remote.exe
"C:\Users\Admin\AppData\Local\Temp\remote.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\is-2RA9O.tmp\remote.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2RA9O.tmp\remote.tmp" /SL5="$50154,114004982,786944,C:\Users\Admin\AppData\Local\Temp\remote.exe"
  2⤵
  - Executes dropped EXE
  PID:1048

\Users\Admin\AppData\Local\Temp\is-2RA9O.tmp\remote.tmp

Filesize
3.0MB

MD5
8db3b20f6738fdf1655b2596bd4dcca5

SHA1
8f162e8178b28b901863b62d586766e33e87713a

SHA256
1644a239a1eb56b42849ea2cf4e75a0710966921fcb84655540d6bca2cb9a9da

SHA512
5fdd62d05b44b4954b795e0847ee3b11f4c7da3958f03eccdf0ebe4f1ce6009fe3a50db1c7ed734e9b0f47107789b48876466f4099c9cefc3c87a6cafa5fad26

Download Submit
memory/1048-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1048-11-0x0000000000400000-0x0000000000708000-memory.dmp

Filesize
3.0MB

Download
memory/1048-13-0x0000000000400000-0x0000000000708000-memory.dmp

Filesize
3.0MB

Download
memory/1048-14-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1048-16-0x0000000000400000-0x0000000000708000-memory.dmp

Filesize
3.0MB

Download
memory/2012-1-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2012-10-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2012-18-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download