ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 00:08

Target

ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe
Size

79KB
MD5

6ca49604e4c1b41edfcda70f9592a976
SHA1

9bcdda5d66272345c900938b384abc3505ef0702
SHA256

ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951
SHA512

d3aba5527e801054598c8d557d58af15eaec0d6d10d41084270c08ba3a75a93a13c2c037315a1aa51b4d84aab5544b91a0b9eecc737a25f07836e470560f349d
SSDEEP

1536:zvl6vjpRmTZNk/OQA8AkqUhMb2nuy5wgIP0CSJ+5yMltB8GMGlZ5G:zvgvjpYZNk2GdqU7uy5w9WMyMXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2252	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1724	cmd.exe
1724	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1724	2052	ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe	29
PID 2052 wrote to memory of 1724	2052	ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe	29
PID 2052 wrote to memory of 1724	2052	ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe	29
PID 2052 wrote to memory of 1724	2052	ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe	29
PID 1724 wrote to memory of 2252	1724	cmd.exe	30
PID 1724 wrote to memory of 2252	1724	cmd.exe	30
PID 1724 wrote to memory of 2252	1724	cmd.exe	30
PID 1724 wrote to memory of 2252	1724	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe
"C:\Users\Admin\AppData\Local\Temp\ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2252

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fd25115ed53010b7dddd5d7fee181ade

SHA1
3deb6cbc23f40a451a17ca0df00cb11b3cf4059a

SHA256
0de8253ac6c9f6ca6ee0134a2c1395f67b55201c43624bcbefcb8794085fcb86

SHA512
670bc48a80d747285505aee52c08d22e361468205fdbca1cf7298b6d93b4c4c765878c4337a6a6baf5dfa8473fb00797791e55e9218dd4494124f55db6342dce

Download Submit
memory/2052-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2252-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download