f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 00:22

Target

f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe
Size

79KB
MD5

82176b350ec69741c12299d761b040d2
SHA1

dba440d4a4aeec93bfa89906dca8f8690424d9e5
SHA256

f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b
SHA512

8ba08c41c2106bf2bc20ccf11409429d256e898cd135eba5a2f105b70577a1bd9f8bf040d3e05a1591c1dd5e9a952db14d62af5a5cc824db500254db74ba2112
SSDEEP

1536:zvqrRgojWFT+eDOQA8AkqUhMb2nuy5wgIP0CSJ+5yEB8GMGlZ5G:zvCRkFT3iGdqU7uy5w9WMyEN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2900	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2504	cmd.exe
2504	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2504	1888	f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe	29
PID 1888 wrote to memory of 2504	1888	f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe	29
PID 1888 wrote to memory of 2504	1888	f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe	29
PID 1888 wrote to memory of 2504	1888	f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe	29
PID 2504 wrote to memory of 2900	2504	cmd.exe	30
PID 2504 wrote to memory of 2900	2504	cmd.exe	30
PID 2504 wrote to memory of 2900	2504	cmd.exe	30
PID 2504 wrote to memory of 2900	2504	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe
"C:\Users\Admin\AppData\Local\Temp\f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2900

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2a84275545809a88365eb27875cdc462

SHA1
a229b37784a75a3c16e5c3b3fb04378224f191a0

SHA256
cf84df2e6d93a41dfb225a24517a034e4e35dcfef3a80f300d86d0ff4391e5ee

SHA512
84b7d9624bce3fa2f09ff2ea222426e93aea1b0f2bb6835e117db92eea4b08750a2eeff3618398bc4375f9f127acf443a6063eaa332e3fa5afb7bb9062dd7586

Download Submit
memory/1888-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2900-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download