c84b9fd4422315e0a61f46cffd350909c97dc9230ab2c5afb66c2cf9f1f01a53

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 02:48

Target

c84b9fd4422315e0a61f46cffd350909c97dc9230ab2c5afb66c2cf9f1f01a53.exe
Size

79KB
MD5

0d362794eb8af77f7200e5f3a3025374
SHA1

ee4ba200f9ea56310fe39e333b75fdd88cef65d9
SHA256

c84b9fd4422315e0a61f46cffd350909c97dc9230ab2c5afb66c2cf9f1f01a53
SHA512

4f206215f8543858df3810d998dc32fbf5d0dab5ba80ed91ca1d5388521284da2a344d833bf84b37bef4f64c8caf5292e84e7a6123be12b5b43a4829a49fe17a
SSDEEP

1536:zvfPe3JVhIOPOQA8AkqUhMb2nuy5wgIP0CSJ+5y2tB8GMGlZ5G:zvfPe3GOmGdqU7uy5w9WMy+N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3060	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2428	cmd.exe
2428	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2428	2424	c84b9fd4422315e0a61f46cffd350909c97dc9230ab2c5afb66c2cf9f1f01a53.exe	29
PID 2424 wrote to memory of 2428	2424	c84b9fd4422315e0a61f46cffd350909c97dc9230ab2c5afb66c2cf9f1f01a53.exe	29
PID 2424 wrote to memory of 2428	2424	c84b9fd4422315e0a61f46cffd350909c97dc9230ab2c5afb66c2cf9f1f01a53.exe	29
PID 2424 wrote to memory of 2428	2424	c84b9fd4422315e0a61f46cffd350909c97dc9230ab2c5afb66c2cf9f1f01a53.exe	29
PID 2428 wrote to memory of 3060	2428	cmd.exe	30
PID 2428 wrote to memory of 3060	2428	cmd.exe	30
PID 2428 wrote to memory of 3060	2428	cmd.exe	30
PID 2428 wrote to memory of 3060	2428	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\c84b9fd4422315e0a61f46cffd350909c97dc9230ab2c5afb66c2cf9f1f01a53.exe
"C:\Users\Admin\AppData\Local\Temp\c84b9fd4422315e0a61f46cffd350909c97dc9230ab2c5afb66c2cf9f1f01a53.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3060

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fa67460d889438888a25f3921cf7305b

SHA1
1204c235fb79dd572080fa299a8a29683c5a9d84

SHA256
2640583380f00a8e75b5c475577a6d0685c7c6a27de2d6a8e49441217ff3a740

SHA512
0ea644a8484677b87e29c6b8d4f350d5c0a794643a77fdd6550e2be606c3c3b4b4f70f55e98e0cf2ca08ee0549163cb2bc70c071e4becce0eb41ecbd3da6266b

Download Submit
memory/2424-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3060-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download