2bfb6a80b58e6ee13a0d6aab3d07f8c4ebf8c28afef387ee583c9131c442507e

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 08:08

Target

8260f41d38d861e515e95ff3bbc4dd30N.exe
Size

79KB
MD5

8260f41d38d861e515e95ff3bbc4dd30
SHA1

31e5cd133a744e535509acdf6bd10bc98c27570e
SHA256

2bfb6a80b58e6ee13a0d6aab3d07f8c4ebf8c28afef387ee583c9131c442507e
SHA512

e8d35d330ef05076614df4f7d5ebdbb735e114ff013bb9da6cdc0b4887c0020ec80daa8318d95a8f30e2dc09db651c7e6713fdc2c19081dfbb8a8e168d025f2e
SSDEEP

1536:zvSKKHfuaJOwqOQA8AkqUhMb2nuy5wgIP0CSJ+5yoB8GMGlZ5G:zviHfuXwfGdqU7uy5w9WMyoN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2540	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2180	cmd.exe
2180	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2180	2556	8260f41d38d861e515e95ff3bbc4dd30N.exe	31
PID 2556 wrote to memory of 2180	2556	8260f41d38d861e515e95ff3bbc4dd30N.exe	31
PID 2556 wrote to memory of 2180	2556	8260f41d38d861e515e95ff3bbc4dd30N.exe	31
PID 2556 wrote to memory of 2180	2556	8260f41d38d861e515e95ff3bbc4dd30N.exe	31
PID 2180 wrote to memory of 2540	2180	cmd.exe	32
PID 2180 wrote to memory of 2540	2180	cmd.exe	32
PID 2180 wrote to memory of 2540	2180	cmd.exe	32
PID 2180 wrote to memory of 2540	2180	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\8260f41d38d861e515e95ff3bbc4dd30N.exe
"C:\Users\Admin\AppData\Local\Temp\8260f41d38d861e515e95ff3bbc4dd30N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2540

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8042e3af0a82f10469c51f8eed3992a8

SHA1
47542ec3d7fdab7805cd92117737d75517f5c3be

SHA256
415c337ed39f6d1aa0decb0a415b2988c73aa2ad70ed2ddbfc5f06055d04934f

SHA512
5dfa37ee34faa6b7dc20cd9b53cfb4d4930e508eb24a7636ddc87c694a1ed060d326c750682f8f8229cade0d344abb78ce1bfedc6566896adbbc15b02651cbde

Download Submit
memory/2540-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2556-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download