42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:00

Target

42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe
Size

668KB
MD5

07aec33a5855e8c1b482492fef134d90
SHA1

e7c904e022272aa9a306df83f630029ca1ffdbb7
SHA256

42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27
SHA512

fe1be127751f6e25fac28835d670e390cd4c2597ba1af98e3686c92208f75f7240f4b88338d0d701a01c080a55a925da3fb8a28288c70e8e59260944ee27ab82
SSDEEP

12288:wb8WKLL+QlJDHUVQ5zCN2j6FB5WMlL143VQ5zCSjdgEi0kXz:28WKLqQlJDHUVQ5zg2mblLO3VQ5zxjda

Score

7^/10

Deletes itself 1 IoCs

Processes:

42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid process

2064 42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe
Executes dropped EXE 1 IoCs

Processes:

42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid process

2064 42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe
Loads dropped DLL 1 IoCs

Processes:

42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid process

1656 42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid process

1656 42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid process

2064 42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid	process
2064	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid	process
2064	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid	process
1656	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid	process
1656	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

pid	process
2064	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

description	pid	process	target process
PID 1656 wrote to memory of 2064	1656	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe
PID 1656 wrote to memory of 2064	1656	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe
PID 1656 wrote to memory of 2064	1656	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe
PID 1656 wrote to memory of 2064	1656	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe	42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

C:\Users\Admin\AppData\Local\Temp\42c35de1c01db0c88dc3fa3c545ab8f7dabc012e7d9d99429bcd504c0ba18d27.exe

Filesize
668KB

MD5
bf80212dfc82e45c74f4183e39557ddf

SHA1
4a1635470c34809f8d85ed83c6d6d16de6e8328d

SHA256
31087d58649da40cbbc5469bb11a53462d2a475544d68913e89d86b005083e72

SHA512
04ddfb43aa6129782d31c90aecae11662bce55ea89fffaba535bc765a8de5d5baa9525f926427a5b26bbb8c82625291a66021b87a989002ded8e7feccc89ef02

Download Submit
memory/1656-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1656-9-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2064-10-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2064-12-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2064-16-0x0000000000130000-0x0000000000171000-memory.dmp

Filesize
260KB

Download