4e4a0bb3b87573ea6bf778637c2d39470042673ad3aa7f6b7b89eb2df5668de4

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 21:18 UTC

Target

4e4a0bb3b87573ea6bf778637c2d39470042673ad3aa7f6b7b89eb2df5668de4.exe
Size

79KB
MD5

3a68a8a114014f0db88ddd51dd4aa01d
SHA1

f015f647472044ba1aee968b6dfcf4d280e3014e
SHA256

4e4a0bb3b87573ea6bf778637c2d39470042673ad3aa7f6b7b89eb2df5668de4
SHA512

09d9998bc42574bd469f959316dcbf8e67f3a96fb7a0ecc9e29b545cff26a492b87b57397ffba83f0fd36b3b868240ec8e9dd0320f61d0817b4e86e74d5ce3aa
SSDEEP

1536:zv/kDzjjSOQA8AkqUhMb2nuy5wgIP0CSJ+5yHBB8GMGlZ5G:zvsbGdqU7uy5w9WMyhN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2760	$TMP!10@.COM

Loads dropped DLL 2 IoCs

pid	Process
2656	cmd.exe
2656	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2656	1276	4e4a0bb3b87573ea6bf778637c2d39470042673ad3aa7f6b7b89eb2df5668de4.exe	29
PID 1276 wrote to memory of 2656	1276	4e4a0bb3b87573ea6bf778637c2d39470042673ad3aa7f6b7b89eb2df5668de4.exe	29
PID 1276 wrote to memory of 2656	1276	4e4a0bb3b87573ea6bf778637c2d39470042673ad3aa7f6b7b89eb2df5668de4.exe	29
PID 1276 wrote to memory of 2656	1276	4e4a0bb3b87573ea6bf778637c2d39470042673ad3aa7f6b7b89eb2df5668de4.exe	29
PID 2656 wrote to memory of 2760	2656	cmd.exe	30
PID 2656 wrote to memory of 2760	2656	cmd.exe	30
PID 2656 wrote to memory of 2760	2656	cmd.exe	30
PID 2656 wrote to memory of 2760	2656	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\4e4a0bb3b87573ea6bf778637c2d39470042673ad3aa7f6b7b89eb2df5668de4.exe
"C:\Users\Admin\AppData\Local\Temp\4e4a0bb3b87573ea6bf778637c2d39470042673ad3aa7f6b7b89eb2df5668de4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c $TMP!10@.COM
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
    $TMP!10@.COM
    3⤵
    - Executes dropped EXE
    PID:2760

\Users\Admin\AppData\Local\Temp\$TMP!10@.COM

Filesize
79KB

MD5
0afdb37be14826c25d34727cc8495e11

SHA1
5e2b8d8f7a1cf30a06fcae7b40e9e744c4548a0b

SHA256
ae706b527ea28664ac48fd74415804d38b8938d182003094f6bc8b236dab6a9e

SHA512
a7630b5372696c9a6c04c53af27f8a21f597f3c98073c47389fcc2519484e7720fcfc5a15bd636167b683ec5a36116e2b13192d78f21e0201cdccdcee3106aa4

Download Submit
memory/1276-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2760-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download