6d259d23c285fa5fb619ac7e6a8cb3d4aa5f7cfdd85eb6910e93ae407783f1da

Analysis

max time kernel
361s
max time network
363s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 21:29

Target

Ocean-fI0H3L5M6.exe
Size

2.3MB
MD5

c1789a41271b60738eac0e75e50301c5
SHA1

878947f22453e7b60c4d9e76459ee345e79da950
SHA256

6d259d23c285fa5fb619ac7e6a8cb3d4aa5f7cfdd85eb6910e93ae407783f1da
SHA512

6fa73c5e3832b95bc4c9fb3c547b956aa43ce370559cf07ac093a52764755df33b6ce6d978ad5f384daffb467ad03451dcda69c6b01f47e9382ea3ada2677014
SSDEEP

24576:XhLphtLzNPZlVOEvD9SYtSBzh0DkkaE64RyKMZyCV1E5/VGJnFLOX:XNtL99OEUtWDkG6MptMn8

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
2244	tWzDle.exe

Loads dropped DLL 1 IoCs

pid	Process
2652	Ocean-fI0H3L5M6.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2244	tWzDle.exe
2244	tWzDle.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2244	tWzDle.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2652	Ocean-fI0H3L5M6.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2244	2652	Ocean-fI0H3L5M6.exe	30
PID 2652 wrote to memory of 2244	2652	Ocean-fI0H3L5M6.exe	30
PID 2652 wrote to memory of 2244	2652	Ocean-fI0H3L5M6.exe	30
PID 2652 wrote to memory of 2576	2652	Ocean-fI0H3L5M6.exe	32
PID 2652 wrote to memory of 2576	2652	Ocean-fI0H3L5M6.exe	32
PID 2652 wrote to memory of 2576	2652	Ocean-fI0H3L5M6.exe	32

C:\Users\Admin\AppData\Local\Temp\Ocean-fI0H3L5M6.exe
"C:\Users\Admin\AppData\Local\Temp\Ocean-fI0H3L5M6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Users\Admin\AppData\Local\Temp\l2VvLsVwG49\tWzDle.exe
  C:\Users\Admin\AppData\Local\Temp\l2VvLsVwG49\tWzDle.exe I0H3L5M6
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2652 -s 636
  2⤵
  PID:2576

\Users\Admin\AppData\Local\Temp\l2VvLsVwG49\tWzDle.exe

Filesize
7.5MB

MD5
7ce2377bbd24db6389f4bd72f68eb420

SHA1
1efba8a48ad9a615e851e98ca8b881e05d6e6cf3

SHA256
7493d5a54f66c7d8ba8356b5c7c97a1358622c24c86e75ce39bc6e6c4226aa39

SHA512
d253792f5aee9934377c47815111904a17d38de764ce1f991db09ddc832da1f71c38732443144eaf3a4524ea848ff49c5abbddfecc1f32ab95041514d5f199c2

Download Submit
memory/2244-15-0x0000000140C18000-0x0000000140E4A000-memory.dmp

Filesize
2.2MB

Download
memory/2244-28-0x0000000140000000-0x00000001415D5000-memory.dmp

Filesize
21.8MB

Download
memory/2244-32-0x0000000140000000-0x00000001415D5000-memory.dmp

Filesize
21.8MB

Download
memory/2244-25-0x00000000773A0000-0x00000000773A2000-memory.dmp

Filesize
8KB

Download
memory/2244-23-0x00000000773A0000-0x00000000773A2000-memory.dmp

Filesize
8KB

Download
memory/2244-21-0x00000000773A0000-0x00000000773A2000-memory.dmp

Filesize
8KB

Download
memory/2244-20-0x0000000077390000-0x0000000077392000-memory.dmp

Filesize
8KB

Download
memory/2244-18-0x0000000077390000-0x0000000077392000-memory.dmp

Filesize
8KB

Download
memory/2244-16-0x0000000077390000-0x0000000077392000-memory.dmp

Filesize
8KB

Download
memory/2244-31-0x0000000140C18000-0x0000000140E4A000-memory.dmp

Filesize
2.2MB

Download
memory/2244-33-0x0000000140000000-0x00000001415D5000-memory.dmp

Filesize
21.8MB

Download