5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 13:30

Target

5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe
Size

2.5MB
MD5

414753e6caa05ca4a49546cec841ef10
SHA1

998c0b4533f3e00eeacf441fbe29575198a574d4
SHA256

5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6
SHA512

c6f1476229c6587d7209455cbba42f1eb44b72b14842a60b446ab8252330c3f47d332f95645136493dfe07f8f00e4064bf6f789149e9dec0807024f5effdf4a7
SSDEEP

24576:wV9cJXtGndLzF0szq2l9RU0t+kRsKWj+dWdo+Ec0xMki8UsU3AoAMXqozj+inKM:k9cJXcndLzF0OU8VdWdqMXqozj+inKM

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

install_2.dll

pid	Process
2928	install_2.dll

Loads dropped DLL 1 IoCs

Processes:

install_2.dll

pid	Process
2928	install_2.dll

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe

description	pid	Process	procid_target
PID 2668 wrote to memory of 2928	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	30
PID 2668 wrote to memory of 2928	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	30
PID 2668 wrote to memory of 2928	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	30
PID 2668 wrote to memory of 2928	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	30
PID 2668 wrote to memory of 2928	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	30
PID 2668 wrote to memory of 2928	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	30
PID 2668 wrote to memory of 2928	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	30
PID 2668 wrote to memory of 2712	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	31
PID 2668 wrote to memory of 2712	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	31
PID 2668 wrote to memory of 2712	2668	5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe	31

C:\Users\Admin\AppData\Local\Temp\5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe
"C:\Users\Admin\AppData\Local\Temp\5b9ed73fd7af6b0f9625ff30b925c84905e76b694a37e41d6207626b2fc3d2f6N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\temp333\install_2.dll
  "C:\temp333\install_2.dll"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2928
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2668 -s 272
  2⤵
  PID:2712

C:\temp333\g2m.dll

Filesize
2.6MB

MD5
e0fa9d4894017e66af927bd72df16793

SHA1
b504698acb8d172488277c4fc24a819b1009fdf3

SHA256
fca664019d4465e2f9382c47da8acdf6739ee598191bd748c836a5f752031ad2

SHA512
839185ed2364b4dce93b245b33ffd9bf2ce3d830cdd45500081af93ae5733eff3ca7def9f66531350d0d8b1a5017b4601140ec7956891e926aa4a77c06ee3096

Download Submit
C:\temp333\install_2.dll

Filesize
39KB

MD5
d75badd2424af98cbb2dbefea073be58

SHA1
f876262525b5a0a325fb3b9f8346fb573a471936

SHA256
3496b97ebbe962cf054d85cd666353394f02113171a21bfcec1d46c276366623

SHA512
588cd280f607da44acf39c1f4c9bf3551ab9109ecc7567ac0f7353985959fdc8b318ff86da14f91163105ebd78257ddf663e452c027f191ada5d0bf9a97cf9e0

Download Submit
memory/2668-7-0x000000013F8D0000-0x000000013F9D4000-memory.dmp

Filesize
1.0MB

Download