b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 04:13

Target

b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe
Size

448KB
MD5

7a056da6f00634b3975fed6b5dcb777a
SHA1

21820edcb6f568ad60ccd64f7bbfa23b4828f1a5
SHA256

b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160
SHA512

bdf11d79cae3de1eeed235c4d0c545dc65f7707db0c8e7a56fc09a147e41a51fba8da72bac95828d2f4abf0f22f80ecac0f41820c018640b79ea9e1ddf6c018b
SSDEEP

12288:31YOvfaEuvP0gXCi5zVejWhVQ5zCD4TyWN4:31YOvfaEuvP0gXCi5zsjWhVQ5zY4xN4

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2864	b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe

Executes dropped EXE 1 IoCs

pid	Process
2864	b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe

Loads dropped DLL 1 IoCs

pid	Process
2652	b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2652	b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2864	b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2864	2652	b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe	31
PID 2652 wrote to memory of 2864	2652	b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe	31
PID 2652 wrote to memory of 2864	2652	b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe	31
PID 2652 wrote to memory of 2864	2652	b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe	31

\Users\Admin\AppData\Local\Temp\b9e4ff7a7b7427febe6c667e5efd860a8ae6c2f326f90171646029cff6a87160.exe

Filesize
448KB

MD5
89dab9b7575aef5e35a3be05452f102f

SHA1
d91f2d7911e787185ae1be332c91aa7bc4021705

SHA256
b879c4be60ed2af7d26a5eb9f49ab64a2cf8806ccd0ac10036c4129756180c27

SHA512
ca8701fcf942e954239fdbace3dee89ccd7a1ac29262885ac602915b6bc2af80fda26af731e7d20686ec20a86f8369672c393289dca85e39562590ae1941a469

Download Submit
memory/2652-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2652-8-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2864-10-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2864-11-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2864-16-0x0000000000250000-0x0000000000296000-memory.dmp

Filesize
280KB

Download
memory/2864-17-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download