944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:21

Target

944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe
Size

79KB
MD5

60701ea7084819139079a760b26273ac
SHA1

ff8f5f906b54f3d5fbbe422dcd11a693ea1a36cf
SHA256

944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce
SHA512

67f7984259a607abe69015e505a6da24e6f0d551791b4460684b9215a36d6a658ec718c6f07defcf4e48ad7898e291c8cec5f46d9cd5df30181d3278c25e0d6a
SSDEEP

1536:zv3JmHlv340W6OQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvZmHlvfWPGdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

2712 [email protected]
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

1300 cmd.exe
1300 cmd.exe

pid	process
2712	[email protected]

pid	process
1300	cmd.exe
1300	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.execmd.exe

description	pid	process	target process
PID 2220 wrote to memory of 1300	2220	944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe	cmd.exe
PID 2220 wrote to memory of 1300	2220	944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe	cmd.exe
PID 2220 wrote to memory of 1300	2220	944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe	cmd.exe
PID 2220 wrote to memory of 1300	2220	944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe	cmd.exe
PID 1300 wrote to memory of 2712	1300	cmd.exe	[email protected]
PID 1300 wrote to memory of 2712	1300	cmd.exe	[email protected]
PID 1300 wrote to memory of 2712	1300	cmd.exe	[email protected]
PID 1300 wrote to memory of 2712	1300	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe
"C:\Users\Admin\AppData\Local\Temp\944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:2712

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
04105d660c34569a7b0ef461d44dc9cf

SHA1
9d956dbf0ce1e3ac529610af878ea99a6238c526

SHA256
cfb18086aeab81f1031c442f93ebe9e250c81ef4af0cc3239889434f0e0a352f

SHA512
1fe48d5d7ff734b844f266abbdfb6859deaee579ca6a3d86ba5ebb24cbb4e0ab7755d6ba94788308121763c9a21277abbd49026bfb6b09b7d8e893afec320f82

Download Submit
memory/2220-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2712-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download