185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 12:22

Target

185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9.exe
Size

12.3MB
MD5

f861f2b95a6d823d0283fc5ffd9530d8
SHA1

aa59fda6f8c642cd9d1441cfa25972ea1ce1695c
SHA256

185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9
SHA512

3dc22c905a2d66e3e7be71bcdf1d58d65945c021a771dabdda94282662c3cbe15a8897909aa7e1324a6f2677b3a0fe625088bb1cbbc430f1d0abed1f60f0f98e
SSDEEP

393216:sQzFfWoTrBhAp3874jI3dQnlBhX6a+soTWO1:p5WoT88nQnlnz+sqL

Score

1^/10

Modifies Control Panel 3 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Control Panel\International\sShortDate = "yyyy-MM-dd"	185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Control Panel\International\iDate = "2"	185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Control Panel\International\sDate = "-"	185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2248	185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2980	2248	185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9.exe	29
PID 2248 wrote to memory of 2980	2248	185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9.exe	29
PID 2248 wrote to memory of 2980	2248	185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9.exe	29
PID 2248 wrote to memory of 2980	2248	185dc593ac4ef43ec67688f94b98a44a87ce5340cd3f6a2b75764b3cb36ef1e9.exe	29
PID 2980 wrote to memory of 2256	2980	cmd.exe	31
PID 2980 wrote to memory of 2256	2980	cmd.exe	31
PID 2980 wrote to memory of 2256	2980	cmd.exe	31
PID 2980 wrote to memory of 2256	2980	cmd.exe	31
PID 2256 wrote to memory of 1640	2256	net.exe	32
PID 2256 wrote to memory of 1640	2256	net.exe	32
PID 2256 wrote to memory of 1640	2256	net.exe	32
PID 2256 wrote to memory of 1640	2256	net.exe	32

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
1⤵
PID:2644

memory/2248-0-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2248-1-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2248-3-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download