cb31a5d713867991abf00acd7c8b6b782d78484347345c7a837c518ef5ac6c55

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 13:58

Target

c5151a685db50623365fd7281ed748b0N.exe
Size

79KB
MD5

c5151a685db50623365fd7281ed748b0
SHA1

599806efa677b42c68f45ffdeeebd4fea42372f4
SHA256

cb31a5d713867991abf00acd7c8b6b782d78484347345c7a837c518ef5ac6c55
SHA512

c5b0a7bf1215364048fa193e64e3c2629caf49a7538560c4a8e01c9d80434bffb0a111b344a41d1283b48ce2cefed975a45d24ef4dd23c27ca7d033102d2a1bb
SSDEEP

1536:zvmMrCRpMyzLRMeNxOQA8AkqUhMb2nuy5wgIP0CSJ+5yeB8GMGlZ5G:zvUhhAGdqU7uy5w9WMyeN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2440	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2280	cmd.exe
2280	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2280	1952	c5151a685db50623365fd7281ed748b0N.exe	31
PID 1952 wrote to memory of 2280	1952	c5151a685db50623365fd7281ed748b0N.exe	31
PID 1952 wrote to memory of 2280	1952	c5151a685db50623365fd7281ed748b0N.exe	31
PID 1952 wrote to memory of 2280	1952	c5151a685db50623365fd7281ed748b0N.exe	31
PID 2280 wrote to memory of 2440	2280	cmd.exe	32
PID 2280 wrote to memory of 2440	2280	cmd.exe	32
PID 2280 wrote to memory of 2440	2280	cmd.exe	32
PID 2280 wrote to memory of 2440	2280	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\c5151a685db50623365fd7281ed748b0N.exe
"C:\Users\Admin\AppData\Local\Temp\c5151a685db50623365fd7281ed748b0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2440

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ed002b1ed90e954dc1e2fdcc65050724

SHA1
6f0c1c3548d02631b322d811450ff553f8fab118

SHA256
dc0da4efe8dbfd461765c394160c1d14071ecc3c8405244e6566d0085209b7ab

SHA512
fd0b76b81748e438a80d0b192a8731af042dbd543d34598cca647438f5908bd06aba6eb4f0635791af65eeaeeff639b9654d4a57da5a92be700e7178d448c579

Download Submit
memory/1952-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2440-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download