89aab09e23d5db6856de481f0b5ce479dcbe85b6837fc2dff884b32e7793ecbc

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 00:13

Target

89aab09e23d5db6856de481f0b5ce479dcbe85b6837fc2dff884b32e7793ecbc.exe
Size

79KB
MD5

281a024fb6445413c2d0e7b7a6242c50
SHA1

0c49264a38efde3abb2bde534e31803b1d30cbe8
SHA256

89aab09e23d5db6856de481f0b5ce479dcbe85b6837fc2dff884b32e7793ecbc
SHA512

4bac809f6abcadcd5bb6fe8125d6f73f05b8172c7f69f61ea2c634cbf2fd4996bf78717b7af2eab17d451505d9233c901f2c01ad6c243538c55382646a94c805
SSDEEP

1536:zvOAQ/EOZ0jubUE1OQA8AkqUhMb2nuy5wgIP0CSJ+5yMB8GMGlZ5G:zvyCjubEGdqU7uy5w9WMyMN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2896	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2844	cmd.exe
2844	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2844	2164	89aab09e23d5db6856de481f0b5ce479dcbe85b6837fc2dff884b32e7793ecbc.exe	29
PID 2164 wrote to memory of 2844	2164	89aab09e23d5db6856de481f0b5ce479dcbe85b6837fc2dff884b32e7793ecbc.exe	29
PID 2164 wrote to memory of 2844	2164	89aab09e23d5db6856de481f0b5ce479dcbe85b6837fc2dff884b32e7793ecbc.exe	29
PID 2164 wrote to memory of 2844	2164	89aab09e23d5db6856de481f0b5ce479dcbe85b6837fc2dff884b32e7793ecbc.exe	29
PID 2844 wrote to memory of 2896	2844	cmd.exe	30
PID 2844 wrote to memory of 2896	2844	cmd.exe	30
PID 2844 wrote to memory of 2896	2844	cmd.exe	30
PID 2844 wrote to memory of 2896	2844	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\89aab09e23d5db6856de481f0b5ce479dcbe85b6837fc2dff884b32e7793ecbc.exe
"C:\Users\Admin\AppData\Local\Temp\89aab09e23d5db6856de481f0b5ce479dcbe85b6837fc2dff884b32e7793ecbc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2896

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ba2ff4b8768724523b9f6f4b21d7a8f5

SHA1
49443dc981f55b6facfb755a42fee5908a5f1233

SHA256
6d1ec1f513c2cdcf0ee866dc68d81750cc41eb5bd92209a54b5aad3c9f56b520

SHA512
d3126c5c532673c5355731b2e8a7dc72103f8b44d6b4f47b09a6a74d9b66bb7d58c3f463ed18c81612ca20489c373ffdbd9dd44bf744d383c53883e60131bc53

Download Submit
memory/2164-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2896-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download