8900e5bb9c0543157c15d3700370ce0d388fad620d268fa5715433bc5657473c

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 00:02

Target

2f1bb0bd9a5650da67656341025e0bb0N.exe
Size

79KB
MD5

2f1bb0bd9a5650da67656341025e0bb0
SHA1

489c9d5cdc08c6bc9750848fff71fae13e7057c9
SHA256

8900e5bb9c0543157c15d3700370ce0d388fad620d268fa5715433bc5657473c
SHA512

7815d633ea540cb5e0f5b6f97092c178a173ea010b6fa4e0be8eebf36064945142bc37d90070ce5f8f93a9b11e8907b39821505c6ab8d3ee7c9efc54905660fd
SSDEEP

1536:zvLL///iH7AtfIrRjOQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvf///iH7+fUQGdqU7uy5w9WMyiN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1968	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1432	cmd.exe
1432	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1432	2488	2f1bb0bd9a5650da67656341025e0bb0N.exe	30
PID 2488 wrote to memory of 1432	2488	2f1bb0bd9a5650da67656341025e0bb0N.exe	30
PID 2488 wrote to memory of 1432	2488	2f1bb0bd9a5650da67656341025e0bb0N.exe	30
PID 2488 wrote to memory of 1432	2488	2f1bb0bd9a5650da67656341025e0bb0N.exe	30
PID 1432 wrote to memory of 1968	1432	cmd.exe	31
PID 1432 wrote to memory of 1968	1432	cmd.exe	31
PID 1432 wrote to memory of 1968	1432	cmd.exe	31
PID 1432 wrote to memory of 1968	1432	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\2f1bb0bd9a5650da67656341025e0bb0N.exe
"C:\Users\Admin\AppData\Local\Temp\2f1bb0bd9a5650da67656341025e0bb0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1432
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1968

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
231fbd1edc7f36e156a79145aba6b071

SHA1
06961be03689c3c5aab348b018f87ff534caf583

SHA256
830676f2e1899f5f70ebad8bd658d12e1d87c513e59455b85271bfc1b3184496

SHA512
387385686d0cf8b9962a110349ee54c37e8ce813964af9581f0aa7484803904635c54512943f991aa2a2e9b9735315efb1977a579006ae4028cae126a103732b

Download Submit
memory/1968-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2488-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download