98c0280651f97983e1f4ef53d0c9cb953c273665103f117d3850e804496de73a

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 06:40

Target

7ba180e502a178d39e732275f3933ea0N.exe
Size

83KB
MD5

7ba180e502a178d39e732275f3933ea0
SHA1

0f5ab768b32ab174ca6125104acae085ad740809
SHA256

98c0280651f97983e1f4ef53d0c9cb953c273665103f117d3850e804496de73a
SHA512

70222df9cb91aab82c7efdb203c5904f53f1348c523ced15f1ce4a8754b242c7e3e370237ea641976bcb88bde8fac2c787d8f20a7ae106ddc6ee18f61b2b9001
SSDEEP

1536:lvxXJBPChyOQA8A0qUhMb2nuy5wgIP0CS3q+5yxtB8GMGlZ54:lvxeh3GhqU7uy5w9NMyTN54

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2456	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2404	cmd.exe
2404	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 2404	1144	7ba180e502a178d39e732275f3933ea0N.exe	30
PID 1144 wrote to memory of 2404	1144	7ba180e502a178d39e732275f3933ea0N.exe	30
PID 1144 wrote to memory of 2404	1144	7ba180e502a178d39e732275f3933ea0N.exe	30
PID 1144 wrote to memory of 2404	1144	7ba180e502a178d39e732275f3933ea0N.exe	30
PID 2404 wrote to memory of 2456	2404	cmd.exe	31
PID 2404 wrote to memory of 2456	2404	cmd.exe	31
PID 2404 wrote to memory of 2456	2404	cmd.exe	31
PID 2404 wrote to memory of 2456	2404	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\7ba180e502a178d39e732275f3933ea0N.exe
"C:\Users\Admin\AppData\Local\Temp\7ba180e502a178d39e732275f3933ea0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2456

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
83KB

MD5
d74320c6a4329f2cddb83f68ac76a4b2

SHA1
9d9ec54347c5413a42e1bb4e892742b577db42b8

SHA256
9e5afbea7573fd0a0ceaccdf76256f07e27b284c042e5d82a54b46b174d2baf5

SHA512
6d04c6506c33e2139d66a9bbd946f9579020ccba924d8b42f75c4d76688925530b65672397481968ff6d744d9a1bce31e40c95f696a0324b88b52a445f54fd02

Download Submit
memory/1144-8-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2456-7-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download