0d42653490d6ecefd02ea9fc1eb51ed7b34b58f8ca9d7c708fcc47013361c9a9

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 18:58

Target

0d42653490d6ecefd02ea9fc1eb51ed7b34b58f8ca9d7c708fcc47013361c9a9.exe
Size

79KB
MD5

f4209d5aa49d154fae51f605842fc9a3
SHA1

b215bad0bdf8d8f1da94a94e03d8ff88c35f3340
SHA256

0d42653490d6ecefd02ea9fc1eb51ed7b34b58f8ca9d7c708fcc47013361c9a9
SHA512

2986bd362ea738097d1dcb6959208203b25e4dabdea45fccd7e2e5ba2c0aa34e57a1d822662ccaf70fd0da60ea70eef6962b7504c4f0a1371115f5d055a20891
SSDEEP

1536:zvQaoL+gLpOQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zvNngLoGdqU7uy5w9WMyHN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2204	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2360	cmd.exe
2360	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 2360	112	0d42653490d6ecefd02ea9fc1eb51ed7b34b58f8ca9d7c708fcc47013361c9a9.exe	29
PID 112 wrote to memory of 2360	112	0d42653490d6ecefd02ea9fc1eb51ed7b34b58f8ca9d7c708fcc47013361c9a9.exe	29
PID 112 wrote to memory of 2360	112	0d42653490d6ecefd02ea9fc1eb51ed7b34b58f8ca9d7c708fcc47013361c9a9.exe	29
PID 112 wrote to memory of 2360	112	0d42653490d6ecefd02ea9fc1eb51ed7b34b58f8ca9d7c708fcc47013361c9a9.exe	29
PID 2360 wrote to memory of 2204	2360	cmd.exe	30
PID 2360 wrote to memory of 2204	2360	cmd.exe	30
PID 2360 wrote to memory of 2204	2360	cmd.exe	30
PID 2360 wrote to memory of 2204	2360	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0d42653490d6ecefd02ea9fc1eb51ed7b34b58f8ca9d7c708fcc47013361c9a9.exe
"C:\Users\Admin\AppData\Local\Temp\0d42653490d6ecefd02ea9fc1eb51ed7b34b58f8ca9d7c708fcc47013361c9a9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2204

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
cf1b715970f64791f11abf9da90037f8

SHA1
20c9cd00d0cdc04e9fc2da5d1eb790fe30657857

SHA256
91401b30f3017859e75cd1b10888a9fdaffa544f545ae03839fa81777e6f0a2d

SHA512
57b14355adb2210579827f718f40d49c74da918f5a731344a3dc47362fe27df4f5902f1981742dd707d5c41ab8d48270108647adc5883fd1b14ec9106cc5531f

Download Submit
memory/112-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2204-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download