c87d344eb0e2fea03dde65d48987ab3e820b61648e1170ab5a9914f8f650cc97

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 15:44

Target

PdaNetA5232b.exe
Size

3.9MB
MD5

308ecb0024da9f7d7bf928051f4cdfd9
SHA1

57c584e3bc0e3260c8c305015f0544d2dd543412
SHA256

c87d344eb0e2fea03dde65d48987ab3e820b61648e1170ab5a9914f8f650cc97
SHA512

703ce7de1976b7907707d4f709771beb09ad3fbc93db7b4ff3736461661372af3fcccde77b043206e5cc85be816ea10a9463ef9e2e1032148742f33cda736822
SSDEEP

98304:SVnUu0P8YSOmzwRWLiYKUhjJAW0av3NacHXqL8zSilqLxjL:SVonSOmzww2UZWWJddHXo8NqLxf

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

PdaNetA5232b.tmp

pid process

2488 PdaNetA5232b.tmp
Loads dropped DLL 1 IoCs

Processes:

PdaNetA5232b.exe

pid process

2592 PdaNetA5232b.exe

pid	process
2488	PdaNetA5232b.tmp

pid	process
2592	PdaNetA5232b.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

PdaNetA5232b.exe

description	pid	process	target process
PID 2592 wrote to memory of 2488	2592	PdaNetA5232b.exe	PdaNetA5232b.tmp
PID 2592 wrote to memory of 2488	2592	PdaNetA5232b.exe	PdaNetA5232b.tmp
PID 2592 wrote to memory of 2488	2592	PdaNetA5232b.exe	PdaNetA5232b.tmp
PID 2592 wrote to memory of 2488	2592	PdaNetA5232b.exe	PdaNetA5232b.tmp
PID 2592 wrote to memory of 2488	2592	PdaNetA5232b.exe	PdaNetA5232b.tmp
PID 2592 wrote to memory of 2488	2592	PdaNetA5232b.exe	PdaNetA5232b.tmp
PID 2592 wrote to memory of 2488	2592	PdaNetA5232b.exe	PdaNetA5232b.tmp

C:\Users\Admin\AppData\Local\Temp\PdaNetA5232b.exe
"C:\Users\Admin\AppData\Local\Temp\PdaNetA5232b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Users\Admin\AppData\Local\Temp\is-4IKET.tmp\PdaNetA5232b.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4IKET.tmp\PdaNetA5232b.tmp" /SL5="$30130,3641019,121344,C:\Users\Admin\AppData\Local\Temp\PdaNetA5232b.exe"
  2⤵
  - Executes dropped EXE
  PID:2488

\Users\Admin\AppData\Local\Temp\is-4IKET.tmp\PdaNetA5232b.tmp

Filesize
1.1MB

MD5
90fc739c83cd19766acb562c66a7d0e2

SHA1
451f385a53d5fed15e7649e7891e05f231ef549a

SHA256
821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431

SHA512
4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c

Download Submit
memory/2488-9-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/2488-11-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/2592-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2592-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2592-10-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download