64389818a19aa9c08703010ad697d2a2d7061d7eeb0af7817d84c3ad7ebb6e9f

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 02:10

Target

56fe0a9d133ac4e6d236a35e659e0690.exe
Size

79KB
MD5

56fe0a9d133ac4e6d236a35e659e0690
SHA1

a18ce52246d12b8b5a3b52b3e4a0b876a6dc35c0
SHA256

64389818a19aa9c08703010ad697d2a2d7061d7eeb0af7817d84c3ad7ebb6e9f
SHA512

c8c3a1728910ab039280230dfc41dae6d04485015ecfffeb42e44f9947633f63aa4c4d22baf66f99e5d1bff8992506614489b616eb651abd62bf824d20352bc3
SSDEEP

1536:zv88W8vK2iyamsPCx8GlOQA8AkqUhMb2nuy5wgIP0CSJ+5yPB8GMGlZ5G:zv8x8vfiJ2P8GdqU7uy5w9WMyPN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2224	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2228	cmd.exe
2228	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2228	2480	56fe0a9d133ac4e6d236a35e659e0690.exe	29
PID 2480 wrote to memory of 2228	2480	56fe0a9d133ac4e6d236a35e659e0690.exe	29
PID 2480 wrote to memory of 2228	2480	56fe0a9d133ac4e6d236a35e659e0690.exe	29
PID 2480 wrote to memory of 2228	2480	56fe0a9d133ac4e6d236a35e659e0690.exe	29
PID 2228 wrote to memory of 2224	2228	cmd.exe	30
PID 2228 wrote to memory of 2224	2228	cmd.exe	30
PID 2228 wrote to memory of 2224	2228	cmd.exe	30
PID 2228 wrote to memory of 2224	2228	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\56fe0a9d133ac4e6d236a35e659e0690.exe
"C:\Users\Admin\AppData\Local\Temp\56fe0a9d133ac4e6d236a35e659e0690.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2224

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c339055b14072b5172a52f3db183e889

SHA1
641203d0b7acb2fa7377f2f350d25c9337cb0723

SHA256
fbc4a4aa9545801239531d1310c611c4dbe0afa75b11848e7c4106623249c804

SHA512
56c5f42f173a5a7918989cab35ca43c9e4a53f883ec5e7314c01f5cbba353d81547cf27e9def97330e37e46fa3258e5676b906f8c5ed51ca2a793da2e922be48

Download Submit
memory/2224-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2480-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download