390985b4a3d2faf3ff391f3a75081ac2a4655f280201ee1299848cb8d9896031

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 20:39

Target

09cd8469223e3ee7b05dae3b58471de0N.exe
Size

29KB
MD5

09cd8469223e3ee7b05dae3b58471de0
SHA1

8b35610c801517d9ec59d1533e8c68b0339cdabe
SHA256

390985b4a3d2faf3ff391f3a75081ac2a4655f280201ee1299848cb8d9896031
SHA512

78fe6f2e9e216c365a4d34229b7ebca63c25f56657d430c634d5ea2fadfdde82cf50bf224a16f7c6a184693c9c68b3aec47a64c45aa6c9c4d52a42c27d60e36b
SSDEEP

384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGXLR:v/qSamrxDmqoKM4Z0iwtwALR

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2732	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2680	2024072120.exe

Loads dropped DLL 2 IoCs

pid	Process
2152	09cd8469223e3ee7b05dae3b58471de0N.exe
2152	09cd8469223e3ee7b05dae3b58471de0N.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2152	09cd8469223e3ee7b05dae3b58471de0N.exe
2680	2024072120.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2680	2152	09cd8469223e3ee7b05dae3b58471de0N.exe	31
PID 2152 wrote to memory of 2680	2152	09cd8469223e3ee7b05dae3b58471de0N.exe	31
PID 2152 wrote to memory of 2680	2152	09cd8469223e3ee7b05dae3b58471de0N.exe	31
PID 2152 wrote to memory of 2680	2152	09cd8469223e3ee7b05dae3b58471de0N.exe	31
PID 2152 wrote to memory of 2732	2152	09cd8469223e3ee7b05dae3b58471de0N.exe	32
PID 2152 wrote to memory of 2732	2152	09cd8469223e3ee7b05dae3b58471de0N.exe	32
PID 2152 wrote to memory of 2732	2152	09cd8469223e3ee7b05dae3b58471de0N.exe	32
PID 2152 wrote to memory of 2732	2152	09cd8469223e3ee7b05dae3b58471de0N.exe	32

C:\Users\Admin\AppData\Local\Temp\09cd8469223e3ee7b05dae3b58471de0N.exe
"C:\Users\Admin\AppData\Local\Temp\09cd8469223e3ee7b05dae3b58471de0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\2024072120.exe
  C:\Users\Admin\AppData\Local\Temp\2024072120.exe down
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2680
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\del.bat
  2⤵
  - Deletes itself
  PID:2732

C:\Users\Admin\AppData\Local\Temp\2024072120.exe

Filesize
29KB

MD5
6eeed7780ba8b988852e3598ad0471c6

SHA1
ffe8b5cefdf337614d78bb77e886896e96358e14

SHA256
f1a60fb2c5d2d9452443af51d2a6fa905ad336a8713910203fc6fff4676e3440

SHA512
42141675d2de98d157465c1a4b930be5043eaf771178dfa0af25d62e426605ba929211d414fd4235804d93ca4910b14e1b4d63d76f93c061b59d09e8446a418b

Download Submit
C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
174B

MD5
7048fa05e1a65ccd30a4e5eab366e77c

SHA1
4039cff4316250ce943fae27198e030b8652ebad

SHA256
3fbf6eb28d35dcdb89bc7805b2561729343179adada37a5973dc0de9b5cd3003

SHA512
661a4af42c86fddd9ebd334e148ca12b4ed938fa64d156ec50c08728531e7e691dccd39196e1f07086b71ea606e1658a92f0c05dd209cc3d2c7fe6b9b003a350

Download Submit
memory/2680-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download