a66f73395af2a32de34e971bc720525eaffb9ae2a2af6967f5572f47886f2dea

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 19:34

Target

c70057bba44959b771e3b67486e813f0N.exe
Size

71KB
MD5

c70057bba44959b771e3b67486e813f0
SHA1

1698f4be2821992963079a0876b8f16884737b2a
SHA256

a66f73395af2a32de34e971bc720525eaffb9ae2a2af6967f5572f47886f2dea
SHA512

255d4c0a6d69f2f04a91466d71238c4287cfc8813e0b84cf68532764c90e98a5ee8a0ccdeed4760925740b210835c0528f13f134786accbd4ac60a6ef62ca858
SSDEEP

1536:1fbu2+qEzyX/vh4K+AI5JZC17KNfeCIG3nc3ij/OVVhcEnYNk:du2+qEzyX/vh4K+AI5JZCMN1I2nSiDOl

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1684	oxkurek-fom.exe

Loads dropped DLL 1 IoCs

pid	Process
2024	c70057bba44959b771e3b67486e813f0N.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\oxkurek-fom.exe	c70057bba44959b771e3b67486e813f0N.exe
File created	C:\Windows\SysWOW64\oxkurek-fom.exe	c70057bba44959b771e3b67486e813f0N.exe

C:\Users\Admin\AppData\Local\Temp\c70057bba44959b771e3b67486e813f0N.exe
"C:\Users\Admin\AppData\Local\Temp\c70057bba44959b771e3b67486e813f0N.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:2024
- C:\Windows\SysWOW64\oxkurek-fom.exe
  "C:\Windows\SysWOW64\oxkurek-fom.exe"
  2⤵
  - Executes dropped EXE
  PID:1684

C:\Windows\SysWOW64\oxkurek-fom.exe

Filesize
68KB

MD5
ca1af6321cf32d8d3b2b5ba3a3db16d5

SHA1
c81706afea9f09d26872ff6815d00805ef7fbd2a

SHA256
6e58c3cabea76531bde0a3aa21e643bb06e52d2c8ae59658d7cffc34f297bff7

SHA512
c70023427c82bc5fe6bd976e22c75aae248d9b1d98091cc4f5d46d07f4214ff936809e18be530d336320a152d18f87f62c8f05d852d9a61ca042ef536ee77d50

Download Submit
memory/2024-5-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download