ea41c918a850e431442a29ab51a022f74f03f88498e7d2a9a30a47d8f9e7120e

Analysis

Target

ea41c918a850e431442a29ab51a022f74f03f88498e7d2a9a30a47d8f9e7120e.exe
Size

152KB
MD5

d32b01e304d314719ee63401aab9ab40
SHA1

e40932f3d0de2aebdc8667fa953050f412d0dce8
SHA256

ea41c918a850e431442a29ab51a022f74f03f88498e7d2a9a30a47d8f9e7120e
SHA512

e38f7c38e28d6de7896dc9e0c42cc22632e46b23b89eed8dda087adf7455f6f7dd3d37287a12f4c6c1799c59f2bca2f0cc27d3f38e8e56ed87e884515f25f629

Score

8^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ea41c918a850e431442a29ab51a022f74f03f88498e7d2a9a30a47d8f9e7120e.exe

description	pid	process	target process
PID 4060 wrote to memory of 3804	4060	ea41c918a850e431442a29ab51a022f74f03f88498e7d2a9a30a47d8f9e7120e.exe	bdif.exe
PID 4060 wrote to memory of 3804	4060	ea41c918a850e431442a29ab51a022f74f03f88498e7d2a9a30a47d8f9e7120e.exe	bdif.exe
PID 4060 wrote to memory of 3804	4060	ea41c918a850e431442a29ab51a022f74f03f88498e7d2a9a30a47d8f9e7120e.exe	bdif.exe

Executes dropped EXE 1 IoCs

Processes:

bdif.exe

pid process

3804 bdif.exe

pid	process
3804	bdif.exe

NTFS ADS 1 IoCs

Processes:

ea41c918a850e431442a29ab51a022f74f03f88498e7d2a9a30a47d8f9e7120e.exe

description	ioc	process
File created	\??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier	ea41c918a850e431442a29ab51a022f74f03f88498e7d2a9a30a47d8f9e7120e.exe

\??\c:\programdata\e6533cd889\bdif.exe
c:\programdata\e6533cd889\bdif.exe
2⤵
- Executes dropped EXE
PID:3804

C:\ProgramData\83bb50ad72ec066ba3b2332b06c6d86c

Download Submit
C:\ProgramData\e6533cd889\bdif.exe

Download Submit
\??\c:\programdata\e6533cd889\bdif.exe

Download Submit
memory/3804-2-0x0000000000000000-mapping.dmp

Download
memory/3804-5-0x00000000001D0000-0x00000000001E0000-memory.dmp

Filesize
64KB

Download
memory/3804-6-0x0000000000470000-0x0000000000495000-memory.dmp

Filesize
148KB

Download
memory/4060-0-0x00000000001E0000-0x00000000001F0000-memory.dmp

Filesize
64KB

Download
memory/4060-1-0x00000000008A0000-0x00000000008C5000-memory.dmp

Filesize
148KB

Download