e4416f72c9166be2386b50dba0d8078a72569571f342b016e401b34b8efce6db

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 06:44

Target

Device/HarddiskVolume3/Users/neuhoferi/Downloads/Ez-DicomCDViewer.exe
Size

4.4MB
MD5

1ae4d1d87b438793396bfb70244a0527
SHA1

e8160daeda1ae16ac444938b94bf57036b439de4
SHA256

ad85b4798bd996cfeb5bdd4c51dd7a65352c0ed42803ecde0cf4357762740cdc
SHA512

c00c6d45f3a2b208e8a8e6a07b3cc55ed6611855914d309d54bf0f86b13bef27d05f9703d39305ddb80a309725502a544ba0a53c1e93f65bf986d5433335d2a2
SSDEEP

98304:V+vprVuSCr3vtnHU7Z+JA1gmzjLjBmJ8JE3L6Aj80duDFJH:s4SY1H2Z+e13zjLUJ8STC7H

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2392	Ez-DicomCDViewer.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	Ez-DicomCDViewer.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28
PID 2392 wrote to memory of 3060	2392	Ez-DicomCDViewer.exe	28

C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Users\neuhoferi\Downloads\Ez-DicomCDViewer.exe
"C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Users\neuhoferi\Downloads\Ez-DicomCDViewer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Users\neuhoferi\Downloads\Ez-DicomCDViewer.exe
  "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Users\neuhoferi\Downloads\Ez-DicomCDViewer.exe"
  2⤵
  PID:3060

\Users\Admin\AppData\Local\Temp\MBX@958@2152B30.###

Filesize
2KB

MD5
67e0c6bd8d098260d26f03151b70393f

SHA1
05390401f33fe9509d558ce41e5246013ad723e7

SHA256
d406cb940065b773b46a569e664d0be09fb3cca745265daa8ffac03bf55d11d1

SHA512
60aa21559c3dcc0649bb85b65e440da13490332ecfe65666eb9e4fb546934aad2433bf7cca13b44ba878c5e93c2f79ae3a392013f8fa29a44c946c87eda13faf

Download Submit
memory/2392-0-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/2392-4-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/2392-5-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/2392-8-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/2392-7-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/2392-6-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/2392-14-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/2392-13-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3060-15-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download