51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 21:42

Target

51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe
Size

1.4MB
MD5

a0621f19e2af56c9bf0805b50dc033a4
SHA1

c69570bf661c474a0b206ce514c6e5a5dafcf34b
SHA256

51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633
SHA512

18c13e2c84bdc15478b98406fef3d689490a8cf240f2721cae3e6e08749e5d968ec907708d52021c389fae3ef05b2d585563afe639301af0453cf4c7c7d58662
SSDEEP

12288:yq2/pMwt+pSCppppaapBpRQyh8oTj0G1oAhw0MBfNbK1hfUeL6dd6eJkfB18tfFk:yq2dsJ6hal1COa/ZSUnxuek

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3052	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe

Executes dropped EXE 1 IoCs

pid	Process
3052	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe

Loads dropped DLL 4 IoCs

pid	Process
2944	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe
1288	WerFault.exe
1288	WerFault.exe
1288	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1288	3052	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2944	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3052	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 3052	2944	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe	29
PID 2944 wrote to memory of 3052	2944	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe	29
PID 2944 wrote to memory of 3052	2944	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe	29
PID 2944 wrote to memory of 3052	2944	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe	29
PID 3052 wrote to memory of 1288	3052	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe	30
PID 3052 wrote to memory of 1288	3052	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe	30
PID 3052 wrote to memory of 1288	3052	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe	30
PID 3052 wrote to memory of 1288	3052	51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe	30

C:\Users\Admin\AppData\Local\Temp\51bdbf0088ec9289e57f4311c676dedeb353ca5e9363c2a2a02c094787a0a633.exe

Filesize
1.4MB

MD5
248ff092e2936afab8fa5382bc9aaae5

SHA1
197c8d62e81f9fff1123046cebe98546bd4c12d3

SHA256
4bd2949b61b73f02021fa19e07d13dcf4b6b0df897d3c58cda07d51965950023

SHA512
3cd03fa78aaf3bd248dfd33097c5c0a746cc9e6458a32420a747dfa06902f6a8e013d33103cbf1bef52e578e78dd795017c2eba8cea1d83cdf3a897145a9f51c

Download Submit
memory/2944-0-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download
memory/2944-8-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download
memory/3052-9-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download
memory/3052-10-0x0000000002E70000-0x0000000002F5E000-memory.dmp

Filesize
952KB

Download