ccd0ad186f0c1d22b5a67ad1ea16e9fee7930c0844d0ae730236c70205a241d1

Analysis

max time kernel
120s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 02:08

Target

ccd0ad186f0c1d22b5a67ad1ea16e9fee7930c0844d0ae730236c70205a241d1.exe
Size

79KB
MD5

cb2bd881ec31b6201276a0002431c31e
SHA1

d5a3a8510d579d8a2ee37583ec95448f720f35ca
SHA256

ccd0ad186f0c1d22b5a67ad1ea16e9fee7930c0844d0ae730236c70205a241d1
SHA512

6eb2fda13f79e41ecdd7382805b6fec0b4532887bd426aa768ad0999efaf31ba46a70e9058063b43ea69a6317a6bf3d987a2c4f553c23d32149d5405245a1420
SSDEEP

1536:zvr6eee2vqONy31OQA8AkqUhMb2nuy5wgIP0CSJ+5yyB8GMGlZ5G:zvuq/sGdqU7uy5w9WMyyN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2556	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2552	cmd.exe
2552	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2552	2208	ccd0ad186f0c1d22b5a67ad1ea16e9fee7930c0844d0ae730236c70205a241d1.exe	29
PID 2208 wrote to memory of 2552	2208	ccd0ad186f0c1d22b5a67ad1ea16e9fee7930c0844d0ae730236c70205a241d1.exe	29
PID 2208 wrote to memory of 2552	2208	ccd0ad186f0c1d22b5a67ad1ea16e9fee7930c0844d0ae730236c70205a241d1.exe	29
PID 2208 wrote to memory of 2552	2208	ccd0ad186f0c1d22b5a67ad1ea16e9fee7930c0844d0ae730236c70205a241d1.exe	29
PID 2552 wrote to memory of 2556	2552	cmd.exe	30
PID 2552 wrote to memory of 2556	2552	cmd.exe	30
PID 2552 wrote to memory of 2556	2552	cmd.exe	30
PID 2552 wrote to memory of 2556	2552	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\ccd0ad186f0c1d22b5a67ad1ea16e9fee7930c0844d0ae730236c70205a241d1.exe
"C:\Users\Admin\AppData\Local\Temp\ccd0ad186f0c1d22b5a67ad1ea16e9fee7930c0844d0ae730236c70205a241d1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2556

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7a71825b9bbd2dbba59f7b3377cdba1a

SHA1
71b3249b785f14180145e5f19be0ebdb648680f6

SHA256
6ebcf87f1ad0635d44ec2a90f895a43f50e94f512b351339ac32cf8146702d61

SHA512
f615fd729cfc1c0befb54944134df6620965702cabe0b746a732243cd4c523b3e1c4acab478ced9571ef7ebe228c975a28bf3cd5c0dfd2e9343ff3b6632f88ae

Download Submit
memory/2208-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2556-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download