c8a496dcf94d5d246dec0747f139957709b63412f48d9a1591ca5e771a988636

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 17:59

Target

7_zip_installer.exe
Size

120KB
MD5

6500ecbc6246ef726e41a910226eeb70
SHA1

63a0db918620989f0520cdaca658c842d3449d4a
SHA256

a95da033c563c411be8f49f91584e111e702d1221fdfc22d44dd12d5fe0ef934
SHA512

4e5e1b20c8f62304816bf86c53568d0b97e06f82143e8b1020a404c4f2b46026894946b5075aa1b21dd124b96be692a2b0053229688ca2b1d7ac83acd2e1f65b
SSDEEP

1536:j8mBfI1/Rx3iQDiA1lKFPqmg368mVFIN2CfLMERcu4CX/BSmnnnnnZ/ihnPOLvOV:jE70aPKY1ga2CfApEkmnnnnnZ/iUvV8

Score

8^/10

evasion

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

7_zip_installer.exe

description	pid	process	target process
PID 2764 wrote to memory of 2692	2764	7_zip_installer.exe	dw20.exe
PID 2764 wrote to memory of 2692	2764	7_zip_installer.exe	dw20.exe
PID 2764 wrote to memory of 2692	2764	7_zip_installer.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\7_zip_installer.exe
"C:\Users\Admin\AppData\Local\Temp\7_zip_installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2764

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 668
2⤵
PID:2692

memory/2692-4-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/2764-0-0x000007FEF601E000-0x000007FEF601F000-memory.dmp

Filesize
4KB

Download
memory/2764-1-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-2-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-3-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download
memory/2764-5-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

Filesize
9.6MB

Download