789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:22

Target

789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe
Size

79KB
MD5

06c8a4ad83a005a0a8b16a74c427fcb2
SHA1

5b1a1a3ed8f123f407de571b31692cb6890e194c
SHA256

789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a
SHA512

61cb1cc6fb916169e18e9b84a39365bd16bf857a05a643c8a3ec1f2ac84a28d01b05152ef78c863f42ba47d854d0a3ee328d5656fdf492e64e3addbb2f804da6
SSDEEP

1536:zvYONtUW2tbTs1OQA8AkqUhMb2nuy5wgIP0CSJ+5yLLB8GMGlZ5G:zvYODUTpfGdqU7uy5w9WMyLLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

2364 [email protected]
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

1192 cmd.exe
1192 cmd.exe

pid	process
2364	[email protected]

pid	process
1192	cmd.exe
1192	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.execmd.exe

description	pid	process	target process
PID 2960 wrote to memory of 1192	2960	789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe	cmd.exe
PID 2960 wrote to memory of 1192	2960	789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe	cmd.exe
PID 2960 wrote to memory of 1192	2960	789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe	cmd.exe
PID 2960 wrote to memory of 1192	2960	789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe	cmd.exe
PID 1192 wrote to memory of 2364	1192	cmd.exe	[email protected]
PID 1192 wrote to memory of 2364	1192	cmd.exe	[email protected]
PID 1192 wrote to memory of 2364	1192	cmd.exe	[email protected]
PID 1192 wrote to memory of 2364	1192	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe
"C:\Users\Admin\AppData\Local\Temp\789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:2364

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
25ebeaad423f1d20f9ebbb4227cb16eb

SHA1
44908f03b9800d95bd5e45555525f82615191ba0

SHA256
e60172cf1c0d787fb78db711d60d517ce4a98ec062931f72584c0ff1eca308c1

SHA512
251f933dfc54e06ceed99bea791fd792e3bc5be468b435b09d7a9c66e4a519fd36a159e0ebb638de82aa18453d9fb4340b95b6850c4b694e566f428cfadeea5a

Download Submit
memory/2364-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2960-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download