d2c13407969127350874e58a40a0f688071465f21d205d56f608f54734ed266c

Analysis

max time kernel
143s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 20:24

Target

caa75cb1a263611f3b7fc90b7719d7bf.exe
Size

112KB
MD5

caa75cb1a263611f3b7fc90b7719d7bf
SHA1

a336fcca74501981f4e6e28d0d18e3ee487b61a3
SHA256

d2c13407969127350874e58a40a0f688071465f21d205d56f608f54734ed266c
SHA512

c72d97e529ba0cce7462d4af81d054520f8dc618380f452ed2ef292e84bed43fe3415657a9e6b3ab2a1de51ec64cb54840d4b7ef621c56c0c01ece3d57f3703e
SSDEEP

1536:0M+yNStPY+z0mHkGDcIXQfTGWbh8UH9SZ47Qn/yo9dBK2jSDKB:tUlY+zlDcIXeTNH9SZ4u+K

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2208	olacweegim.exe

Loads dropped DLL 1 IoCs

pid	Process
2400	caa75cb1a263611f3b7fc90b7719d7bf.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	checkip.dyndns.org

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2208	2400	caa75cb1a263611f3b7fc90b7719d7bf.exe	28
PID 2400 wrote to memory of 2208	2400	caa75cb1a263611f3b7fc90b7719d7bf.exe	28
PID 2400 wrote to memory of 2208	2400	caa75cb1a263611f3b7fc90b7719d7bf.exe	28
PID 2400 wrote to memory of 2208	2400	caa75cb1a263611f3b7fc90b7719d7bf.exe	28

C:\Users\Admin\AppData\Local\Temp\caa75cb1a263611f3b7fc90b7719d7bf.exe
"C:\Users\Admin\AppData\Local\Temp\caa75cb1a263611f3b7fc90b7719d7bf.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
  C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
  2⤵
  - Executes dropped EXE
  PID:2208

\Users\Admin\AppData\Local\Temp\olacweegim.exe

Filesize
112KB

MD5
273043aa5bcdf06d5f8a4212c1560899

SHA1
339a7685526ad9e37dcb0d53ff473e006b031aee

SHA256
57fd1edbf386a803dc2f46ea75ae0b75634ea53eafd69a3482ff0921360410f0

SHA512
71a458ebfcc45fec5c849a4781207443baff4eb596d0c6c531e0a7fdfb7e2680f5e447e95b2ce542f7fe2c61fa68348b4e864a740dfc602d55b808544d45f53f

Download Submit
memory/2208-9-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2208-11-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2400-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2400-1-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2400-7-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2400-8-0x0000000000360000-0x0000000000375000-memory.dmp

Filesize
84KB

Download