754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:10

Target

754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe
Size

79KB
MD5

13e29617b193102c57cccefe6e9ddf71
SHA1

083d503f7eae0921a7bd82a41610375b7db49323
SHA256

754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864
SHA512

451fadafd914b786e26934b3e58773bd2188bbea029b22d22d2a2eed3a05f7a5239c9e9da405be56750d25f3290808b6067aa59a858c79151386a4a6cc50cb03
SSDEEP

1536:zvXqoTwlA5hqbqzOQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvaO5/yGdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

2580 [email protected]
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

3012 cmd.exe
3012 cmd.exe

pid	process
2580	[email protected]

pid	process
3012	cmd.exe
3012	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.execmd.exe

description	pid	process	target process
PID 2656 wrote to memory of 3012	2656	754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe	cmd.exe
PID 2656 wrote to memory of 3012	2656	754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe	cmd.exe
PID 2656 wrote to memory of 3012	2656	754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe	cmd.exe
PID 2656 wrote to memory of 3012	2656	754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe	cmd.exe
PID 3012 wrote to memory of 2580	3012	cmd.exe	[email protected]
PID 3012 wrote to memory of 2580	3012	cmd.exe	[email protected]
PID 3012 wrote to memory of 2580	3012	cmd.exe	[email protected]
PID 3012 wrote to memory of 2580	3012	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe
"C:\Users\Admin\AppData\Local\Temp\754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:2580

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
133fe8e41498ffb4a652aecffe931582

SHA1
d468c2c0824ea51f9d0c5b5dd3b94dfa12b62ee4

SHA256
ce5a0d5e447d12c30316cd5f473cdb61eb154cb41fea226a6bf98f721946057d

SHA512
33ad9bdf73b683cdfe5f549eb9995d0d07f5e8a4aa97055d4a8ce382bd1cc127b1b05e6d8d0b0e8454961003accce9ce261d4e6d9f2b41c3b81c5202119c1591

Download Submit
memory/2580-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2656-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download