964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:35

Target

964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0.exe
Size

79KB
MD5

31fef4eee662eb8cc3d18cb8854f39da
SHA1

73054c2c5f5befe88cb5f9681099feb066c0efb3
SHA256

964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0
SHA512

e48181d91e8f94b1fae82e29687eddd692ef2dd5df6942742322772b5553895d00bc95b7418a563ab1e4ce17ec036f538db34f394cd0c5f54c01bb88c9a450d6
SSDEEP

1536:zvzd/wcm5Gq33fmXo7OQA8AkqUhMb2nuy5wgIP0CSJ+5yQB8GMGlZ5G:zv6ca36oqGdqU7uy5w9WMyQN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

344 [email protected]
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

2192 cmd.exe
2192 cmd.exe

pid	process
344	[email protected]

pid	process
2192	cmd.exe
2192	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0.execmd.exe

description	pid	process	target process
PID 2184 wrote to memory of 2192	2184	964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0.exe	cmd.exe
PID 2184 wrote to memory of 2192	2184	964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0.exe	cmd.exe
PID 2184 wrote to memory of 2192	2184	964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0.exe	cmd.exe
PID 2184 wrote to memory of 2192	2184	964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0.exe	cmd.exe
PID 2192 wrote to memory of 344	2192	cmd.exe	[email protected]
PID 2192 wrote to memory of 344	2192	cmd.exe	[email protected]
PID 2192 wrote to memory of 344	2192	cmd.exe	[email protected]
PID 2192 wrote to memory of 344	2192	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0.exe
"C:\Users\Admin\AppData\Local\Temp\964cba16cb6d3ef9a5cadef8672c3d54925d333773f7af08342480f3ac6f1fa0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:344

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
18417ba62895542a6492212e17c09dec

SHA1
39d0d671a7563301ae379d8013552e9fa754ac02

SHA256
38527750f6d3f38e25024b31fdcceb7c189726ddb17112656b21ecb0175f0469

SHA512
6755997d84c35fd103787ce829ace269d307383afb5512ad99e2834a4659b32f0239fe6ae3bb8e8f5798d8305df62aa633ade8f3e08f8e7356b71f1c51bc9e59

Download Submit
memory/344-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2184-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download