a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:18

Target

a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe
Size

816KB
MD5

13b55cb6496fc371330edd5222ce4a7d
SHA1

964f7a4e8559e358c689e218018c3c7dc135eb35
SHA256

a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199
SHA512

5520e6b100062b3f2cc9bcffeeaf4c6af7fe5c891d211d625a0d1e858e53f04426ae4953e553af18abdc995664d80fb6cf9e5e54287d1a51fb589d342610fe44
SSDEEP

24576:aY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9O:T3XZynV4oDabuWbDQOcIxJJ9O

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

1D0A0D0C120B156F155D15A0A0C160C0D160C.exe

pid process

1992 1D0A0D0C120B156F155D15A0A0C160C0D160C.exe

pid	process
1992	1D0A0D0C120B156F155D15A0A0C160C0D160C.exe

Loads dropped DLL 2 IoCs

Processes:

a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe

pid	process
2332	a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe
2332	a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe1D0A0D0C120B156F155D15A0A0C160C0D160C.exe

pid process

2332 a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe
1992 1D0A0D0C120B156F155D15A0A0C160C0D160C.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe

description	pid	process	target process
PID 2332 wrote to memory of 1992	2332	a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe	1D0A0D0C120B156F155D15A0A0C160C0D160C.exe
PID 2332 wrote to memory of 1992	2332	a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe	1D0A0D0C120B156F155D15A0A0C160C0D160C.exe
PID 2332 wrote to memory of 1992	2332	a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe	1D0A0D0C120B156F155D15A0A0C160C0D160C.exe
PID 2332 wrote to memory of 1992	2332	a2abcef58ca4622cd63b220887be0659e69ff0d517c131205ac426b7f1083199.exe	1D0A0D0C120B156F155D15A0A0C160C0D160C.exe

C:\Users\Admin\AppData\Local\Temp\1D0A0D0C120B156F155D15A0A0C160C0D160C.exe

Filesize
816KB

MD5
e3583c8f02de36463c2410faeb57e2b8

SHA1
e951f916244d4bfdc7539c6314fb6a3134de5e68

SHA256
6e0d10b35bd8de0be382e6ab64f192c1fccf6cffe1a2b07490f80fa5f63fc0c6

SHA512
78110d839ae838f297c527da6a2631ecd22ec3f043041a6abb6391fd3cc4304de8f6cdb2e8ea68a4e8fdb59305db43c8420ca4242b98ed2f02aa7dbbe49c19ac

Download Submit
memory/1992-14-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/1992-16-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/1992-15-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2332-0-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2332-2-0x0000000000401000-0x000000000041F000-memory.dmp

Filesize
120KB

Download
memory/2332-12-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2332-11-0x0000000002060000-0x000000000220D000-memory.dmp

Filesize
1.7MB

Download
memory/2332-1-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download