6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 00:33

Target

6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115.exe
Size

83KB
MD5

1390839ae33e935bba8175f58a6a306f
SHA1

cc9722b1e131da2d2caecbfdcf915c85969f74bd
SHA256

6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115
SHA512

4cca0b42d4dd73d978903c30e1ce202299656c5918deca760eb703a818b5d37fa78602aecf990d0d05722add15dfa6db27a84002f8f588dc78a31db1819df9e2
SSDEEP

1536:GQ1Tzy48untU8fgMEI3jPYfPiuO8VqCoiK2AaZ:GazltUArsaSPov2Ak

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115.execmd.exeiexpress.exe

description	pid	process	target process
PID 2924 wrote to memory of 2904	2924	6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115.exe	cmd.exe
PID 2924 wrote to memory of 2904	2924	6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115.exe	cmd.exe
PID 2924 wrote to memory of 2904	2924	6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115.exe	cmd.exe
PID 2924 wrote to memory of 2904	2924	6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115.exe	cmd.exe
PID 2904 wrote to memory of 2900	2904	cmd.exe	iexpress.exe
PID 2904 wrote to memory of 2900	2904	cmd.exe	iexpress.exe
PID 2904 wrote to memory of 2900	2904	cmd.exe	iexpress.exe
PID 2904 wrote to memory of 2900	2904	cmd.exe	iexpress.exe
PID 2900 wrote to memory of 2532	2900	iexpress.exe	makecab.exe
PID 2900 wrote to memory of 2532	2900	iexpress.exe	makecab.exe
PID 2900 wrote to memory of 2532	2900	iexpress.exe	makecab.exe
PID 2900 wrote to memory of 2532	2900	iexpress.exe	makecab.exe

C:\Users\Admin\AppData\Local\Temp\6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115.exe
"C:\Users\Admin\AppData\Local\Temp\6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\21B4.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\6d2923130a82031e5e12770e25498e110f214966bf61d65e6f6e75fc80daa115.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:2904

C:\Windows\SysWOW64\iexpress.exe
iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
3⤵
- Suspicious use of WriteProcessMemory
PID:2900

C:\Windows\SysWOW64\makecab.exe
C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
4⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\21B4.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
83KB

MD5
f3539c6999b371ee48ea5934b53b5532

SHA1
b780388a8c5412b20dda150349f9cc35a927dc23

SHA256
7650dba03cfb4bd869a84852c71070623c4b775e75a3ae4d023487f091260be7

SHA512
e1ea67dd884279813918b9af613a238227b118fe99cc40ebac32fb5dd9fe16f32bed0b6ef3a66c30d82d852421bfaa362ad453c77121484fc2de8c9d92183822

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit
memory/2924-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2924-17-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download