2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22

Analysis

Target

2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe
Size

686KB
MD5

0e782f5f57876f5e1cab16e0d8afb69f
SHA1

cbe4910fba99d721710f836bef90ae05e8879e50
SHA256

2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22
SHA512

e62403d005e46a1632ae52ef4206a974ee20b4143df35272c80853788bb7bd1b4f660f8e8dc2a3cf48afffc28afceecc6987c46464c0eb7bcbe264ad79ac535d

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

windate.exe

pid process

4632 windate.exe

pid	process
4632	windate.exe

NTFS ADS 1 IoCs

Processes:

2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\windate\windate.exe:ZoneIdentifier	2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe

pid	process
2108	2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe
2108	2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe

description	pid	process	target process
PID 2108 wrote to memory of 4632	2108	2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe	windate.exe
PID 2108 wrote to memory of 4632	2108	2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe	windate.exe
PID 2108 wrote to memory of 4632	2108	2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22.exe	windate.exe

C:\Users\Admin\AppData\Roaming\windate\windate.exe
"C:\Users\Admin\AppData\Roaming\windate\windate.exe"
2⤵
- Executes dropped EXE
PID:4632

C:\Users\Admin\AppData\Roaming\windate\windate.exe
Filesize
686KB

MD5
0e782f5f57876f5e1cab16e0d8afb69f

SHA1
cbe4910fba99d721710f836bef90ae05e8879e50

SHA256
2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22

SHA512
e62403d005e46a1632ae52ef4206a974ee20b4143df35272c80853788bb7bd1b4f660f8e8dc2a3cf48afffc28afceecc6987c46464c0eb7bcbe264ad79ac535d

Download Submit
C:\Users\Admin\AppData\Roaming\windate\windate.exe
Filesize
686KB

MD5
0e782f5f57876f5e1cab16e0d8afb69f

SHA1
cbe4910fba99d721710f836bef90ae05e8879e50

SHA256
2eff10c6153ea10cba3b0719f4526c474236e255ca55ed74f97809445e0a1c22

SHA512
e62403d005e46a1632ae52ef4206a974ee20b4143df35272c80853788bb7bd1b4f660f8e8dc2a3cf48afffc28afceecc6987c46464c0eb7bcbe264ad79ac535d

Download Submit
memory/2108-130-0x00000000022F0000-0x0000000002332000-memory.dmp

Filesize
264KB

Download
memory/2108-131-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/2108-132-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/4632-133-0x0000000000000000-mapping.dmp

Download
memory/4632-136-0x00000000021D0000-0x0000000002212000-memory.dmp

Filesize
264KB

Download