fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 04:38

Target

fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe
Size

192KB
MD5

9b4ff112ec752dc4dde0e4af0229e6a8
SHA1

ce87744af005316b994e4adebd63245d00aa8a1b
SHA256

fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0
SHA512

18674f4dc2529e7f65bd1670d3113c8a0970536dc9a5366158a55756aeb6c650c0a76dea6521207d238550685dc6768031f9577b56f94092429033ee24ad25ec
SSDEEP

3072:KuzpxcIl4TatWbO5ESjwL15hV+3wZXnFZpUuGkYnOVfAHD3ooxkzbUIz8Q:Kql4TateoiqwlFfGdOVfAH05P+Q

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2088	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe

Executes dropped EXE 1 IoCs

pid	Process
2088	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe

Loads dropped DLL 1 IoCs

pid	Process
2388	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2088	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2388	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2088	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2088	2388	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe	28
PID 2388 wrote to memory of 2088	2388	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe	28
PID 2388 wrote to memory of 2088	2388	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe	28
PID 2388 wrote to memory of 2088	2388	fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe	28

\Users\Admin\AppData\Local\Temp\fecc98fdaafda0a8d0f93c5b1d877ed5de0122c3c1d38000b79f8288b4a44cc0.exe

Filesize
192KB

MD5
c90aa33b91943e1f5491db6811559203

SHA1
269a6fd666db49d6ed54965b4106eee9406138c9

SHA256
f6514e15a425dbedebca87be93fcafcd6042e1ea41bb87fbbfd0333540af86a6

SHA512
8a180f120f68f262110b19b23e4679e6459c3e9d78fb7b7e2dee9f20c0c4eb51e65b3bf937ddb7baff43783bb4abecb59da1fb5f0d17db88957f1fdce372b868

Download Submit
memory/2088-10-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2088-12-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2088-16-0x00000000001B0000-0x00000000001EC000-memory.dmp

Filesize
240KB

Download
memory/2388-2-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2388-8-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download