6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:53

Target

6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d.exe
Size

79KB
MD5

0966209f1cffc7ad60d2bdcbece6afdd
SHA1

f043c51e8299b95b3dd4328dd8ed591ed81c8173
SHA256

6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d
SHA512

38d849cd7ad1a41d7ac925fc43458493bcc7fecfa96a167b80d25ab6003896620392b1291a2a4937b96b5c9490a793103cee8c55f0b95d3da982a53425eed5a8
SSDEEP

1536:zvkUugKOznTotoDadOQA8AkqUhMb2nuy5wgIP0CSJ+5y/B8GMGlZ5G:zvJuVtfEGdqU7uy5w9WMy/N5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

2248 [email protected]
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

2084 cmd.exe
2084 cmd.exe

pid	process
2248	[email protected]

pid	process
2084	cmd.exe
2084	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d.execmd.exe

description	pid	process	target process
PID 2240 wrote to memory of 2084	2240	6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d.exe	cmd.exe
PID 2240 wrote to memory of 2084	2240	6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d.exe	cmd.exe
PID 2240 wrote to memory of 2084	2240	6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d.exe	cmd.exe
PID 2240 wrote to memory of 2084	2240	6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d.exe	cmd.exe
PID 2084 wrote to memory of 2248	2084	cmd.exe	[email protected]
PID 2084 wrote to memory of 2248	2084	cmd.exe	[email protected]
PID 2084 wrote to memory of 2248	2084	cmd.exe	[email protected]
PID 2084 wrote to memory of 2248	2084	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d.exe
"C:\Users\Admin\AppData\Local\Temp\6cf006f6cd40334241d0f1258d5473339c2c878e6fd9538ade1955d9341f4c4d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:2248

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
32faf2e0266560c4ed01f7a32dc10cc7

SHA1
716c2144dfba3911c9a9ff4fc1ed10afa3b13721

SHA256
19257c8f634da004ff3886a74a903fb98a979d746b4f828adab1e37f41061091

SHA512
f3b27802ce778e514d4855ba20112450403988c5b7a75e49b711151e9f2749bffd7b259b90530498892899ad0814ec7ea8fbd8e7ecc70021e62ea1e2dd10a6f5

Download Submit
memory/2240-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2248-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download