c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 05:52

Target

c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe
Size

1.8MB
MD5

69359444b4d6c20a5d35760c4e398e72
SHA1

b18cafef685055e4bdbe34a090d0cf11028b5d86
SHA256

c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61
SHA512

eec44f156cfd811b638c85da9a5c5b2f03d3e3ec621e4229cf7d2361e72296e23e1dd5f4a0d78ab02ce390e70aae54c068cbf3b491120d671069098c26342070
SSDEEP

24576:VhQYeEDa/vWCcFbPzvTtfO6BgCf5ekB1ovK+am89fnK4X9ZNYd1MV1FdKD1vWk+p:VS0k69FXpKD1LpIYDrcp2fS/XTl

Score

7^/10

pid	process
1996	fdp.exe

Loads dropped DLL 2 IoCs

Processes:

c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe

pid	process
2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe
2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe

pid process

2200 c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe

description	pid	process	target process
PID 2200 wrote to memory of 2116	2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe	cmd.exe
PID 2200 wrote to memory of 2116	2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe	cmd.exe
PID 2200 wrote to memory of 2116	2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe	cmd.exe
PID 2200 wrote to memory of 2116	2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe	cmd.exe
PID 2200 wrote to memory of 1996	2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe	fdp.exe
PID 2200 wrote to memory of 1996	2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe	fdp.exe
PID 2200 wrote to memory of 1996	2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe	fdp.exe
PID 2200 wrote to memory of 1996	2200	c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61.exe	fdp.exe

C:\Windows\SysWOW64\cmd.exe
cmd " /c " C:\Users\Admin\AppData\Local\Temp\中国计量大学现代科技学院关于10月9日施行临时封闭管理措施(1).docx
2⤵
PID:2116

C:\Users\Public\fdp.exe
C:\Users\Public\fdp.exe
2⤵
- Executes dropped EXE
PID:1996

C:\Users\Public\fdp.exe
Filesize
19KB

MD5
85ca4c24b93dde56321e62ce71aa8bb2

SHA1
4eab75f775686e0bc73227158a1efa432aa462e9

SHA256
d477d9fdfd2da88396a21f277c066635d34c6ed17c570b740364d7e04d3618eb

SHA512
135775dab2dd24b345e33ac6a026e72d8b37b63a2f4156921c8995dd5e1cf2a8219571f29de4ded832d4d4cc8a6235449f962e797065ad6094ba1b622eb5aec6

Download Submit
memory/1996-9-0x000000013F790000-0x000000013F798000-memory.dmp

Filesize
32KB

Download
memory/2200-3-0x0000000000690000-0x0000000000698000-memory.dmp

Filesize
32KB

Download
memory/2200-10-0x0000000000690000-0x0000000000698000-memory.dmp

Filesize
32KB

Download