1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:24

Target

1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe
Size

256KB
MD5

0602f06c1d690e76d608e38fdac07f8a
SHA1

dfb7c2305f02d1266161c3965c419116912e7891
SHA256

1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45
SHA512

536d1e5d2a955b4b720c9a9b4420eef9f8608f4050f47fbed0a789c8d45bbb62c82ffe7b3d53c7c3024bf4925bf0d5f16df48d8221fd4e6b6655cbd0ff1e0510
SSDEEP

6144:zz7htMEeNEk6Y9VufTdo6QgWjr/eg0uln28VSzucIkvGKUIMlAWCX79+1lVx:z/3MEeN96Y9QfBoRvjr/eg0ul28VTcIr

Score

7^/10

Deletes itself 1 IoCs

Processes:

1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid process

1080 1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe
Executes dropped EXE 1 IoCs

Processes:

1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid process

1080 1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe
Loads dropped DLL 1 IoCs

Processes:

1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid process

2244 1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid process

2244 1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid process

1080 1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid	process
1080	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid	process
1080	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid	process
2244	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid	process
2244	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

pid	process
1080	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

description	pid	process	target process
PID 2244 wrote to memory of 1080	2244	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe
PID 2244 wrote to memory of 1080	2244	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe
PID 2244 wrote to memory of 1080	2244	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe
PID 2244 wrote to memory of 1080	2244	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe	1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

\Users\Admin\AppData\Local\Temp\1ec611b99f7379d0b9bb1ac3d2d5fe8a7b8f8c8f202c299e0dd51393bb33fe45.exe

Filesize
256KB

MD5
00b2f0397959ea73b118fb1f70805c29

SHA1
d2b22dbe2b8c5042fd18f6100823a147a377ef75

SHA256
5fc5c976a7ea1c86b4875720d4b4c603ed398d87e3f7b724352a6b2c010024c6

SHA512
e07db9cded1b1a2f2084ce9c02de3cdea13cf2e268f9b60839bd2ffed853c0608811876e11aef695a52cf2631126b2275af805637b1eeb424d0f0cc3ef372281

Download Submit
memory/1080-12-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1080-10-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1080-16-0x0000000000180000-0x00000000001C7000-memory.dmp

Filesize
284KB

Download
memory/2244-0-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2244-8-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download