448d6a6859c85e82d5b89889eadf431a64d6f6991b4302a9837c09870d6e4eb3

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 22:01

Target

448d6a6859c85e82d5b89889eadf431a64d6f6991b4302a9837c09870d6e4eb3.exe
Size

79KB
MD5

705ea4990032c4d3727630bd087cda80
SHA1

717ea7749eef6b1118899526476f787c7b649f28
SHA256

448d6a6859c85e82d5b89889eadf431a64d6f6991b4302a9837c09870d6e4eb3
SHA512

dc5abbab1bee63c0b9678ab1eaf60d825db0a7927e3ec8133689ffad83d021dca8f72ef25d3ff65eecd9a81c2442cf61ebcbd86ebafdcd4f83d3e9493935c885
SSDEEP

1536:zvX2ZU/Aq5V75wxXeZXOQA8AkqUhMb2nuy5wgIP0CSJ+5yxB8GMGlZ5G:zvGSn7+lLGdqU7uy5w9WMyxN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
592	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
528	cmd.exe
528	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 528	2148	448d6a6859c85e82d5b89889eadf431a64d6f6991b4302a9837c09870d6e4eb3.exe	29
PID 2148 wrote to memory of 528	2148	448d6a6859c85e82d5b89889eadf431a64d6f6991b4302a9837c09870d6e4eb3.exe	29
PID 2148 wrote to memory of 528	2148	448d6a6859c85e82d5b89889eadf431a64d6f6991b4302a9837c09870d6e4eb3.exe	29
PID 2148 wrote to memory of 528	2148	448d6a6859c85e82d5b89889eadf431a64d6f6991b4302a9837c09870d6e4eb3.exe	29
PID 528 wrote to memory of 592	528	cmd.exe	30
PID 528 wrote to memory of 592	528	cmd.exe	30
PID 528 wrote to memory of 592	528	cmd.exe	30
PID 528 wrote to memory of 592	528	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\448d6a6859c85e82d5b89889eadf431a64d6f6991b4302a9837c09870d6e4eb3.exe
"C:\Users\Admin\AppData\Local\Temp\448d6a6859c85e82d5b89889eadf431a64d6f6991b4302a9837c09870d6e4eb3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:528
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:592

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
40e3fb9b46f9bf29c571923a8dc77f1f

SHA1
42e64a4878064599347b6f55f515318a258fe855

SHA256
977ef9f9e38403ddbf7aed6ac8a33e4925a026fae7bf44a2775123b16b187eeb

SHA512
9f34e31cae094c1f3e61e81ad0c2ffef7500cf1372934acc737dc11c39458215627d7e2afa19bffa3d0f0b054f11cf5f77700cb84359f7a3c81aaaa1ff09bbd4

Download Submit
memory/592-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2148-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download