e4416f72c9166be2386b50dba0d8078a72569571f342b016e401b34b8efce6db

Analysis

max time kernel
138s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 06:44

Target

Device/HarddiskVolume3/Users/neuhoferi/Downloads/Ez-DicomCDViewer.exe
Size

4.4MB
MD5

1ae4d1d87b438793396bfb70244a0527
SHA1

e8160daeda1ae16ac444938b94bf57036b439de4
SHA256

ad85b4798bd996cfeb5bdd4c51dd7a65352c0ed42803ecde0cf4357762740cdc
SHA512

c00c6d45f3a2b208e8a8e6a07b3cc55ed6611855914d309d54bf0f86b13bef27d05f9703d39305ddb80a309725502a544ba0a53c1e93f65bf986d5433335d2a2
SSDEEP

98304:V+vprVuSCr3vtnHU7Z+JA1gmzjLjBmJ8JE3L6Aj80duDFJH:s4SY1H2Z+e13zjLUJ8STC7H

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
4388	Ez-DicomCDViewer.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4388	Ez-DicomCDViewer.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93
PID 4388 wrote to memory of 3144	4388	Ez-DicomCDViewer.exe	93

C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Users\neuhoferi\Downloads\Ez-DicomCDViewer.exe
"C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Users\neuhoferi\Downloads\Ez-DicomCDViewer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Users\neuhoferi\Downloads\Ez-DicomCDViewer.exe
  "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Users\neuhoferi\Downloads\Ez-DicomCDViewer.exe"
  2⤵
  PID:3144

C:\Users\Admin\AppData\Local\Temp\MBX@1124@2342918.###

Filesize
2KB

MD5
07bbe4622074378d85a3ed1e338f10cb

SHA1
397719095f98ed54b2aa6195512e1f31e561972d

SHA256
d8938c5ffd39674b54b79fb995b147e026a966e218e6003cfff14a56ce855f48

SHA512
2e36c3edaf065dade289851f4dfe4aaeedd872f3c7f875e73799f2ee76f0afe99758dc944e62adf0ff13a068db6c59cabf8d98470e55461aed8617bad52318bc

Download Submit
memory/3144-14-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/4388-0-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/4388-5-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/4388-6-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/4388-8-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/4388-9-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/4388-7-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/4388-13-0x0000000066000000-0x0000000066155000-memory.dmp

Filesize
1.3MB

Download
memory/4388-12-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download