12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9

Analysis

max time kernel
152s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 15:47

Target

12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9.exe
Size

48KB
MD5

0739bcbaf96687353917cf3d1f57b8ea
SHA1

66a297677e9ca5528ebd5c4088b6ba3b0851e043
SHA256

12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9
SHA512

0bf0b9fb5258c6da1f8de1398df7eb1c9a20a03c48fca9aa65e35dd0cc03a56abc8ffa60c03e37ff326032a02bb05bea3eeca6b3a0eeedf483daf7deadd4f51d
SSDEEP

768:BtENkybNoQOJ4hUO3J9vaUZGjX6k4PVPo7vXKCC6FQb:BtENH6O3J5aUIjXqPtoj8yQ

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
4952	smss.exe
2324	smss.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system\smss.exe	12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9.exe
File created	C:\Windows\system\smss.exe	12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 1392	3196	12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9.exe	79
PID 3196 wrote to memory of 1392	3196	12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9.exe	79
PID 3196 wrote to memory of 1392	3196	12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9.exe	79
PID 1392 wrote to memory of 4952	1392	cmd.exe	81
PID 1392 wrote to memory of 4952	1392	cmd.exe	81
PID 1392 wrote to memory of 4952	1392	cmd.exe	81

C:\Windows\system\smss.exe
C:\Windows\system\smss.exe
1⤵
- Executes dropped EXE
PID:2324

C:\Windows\System\smss.exe

Filesize
48KB

MD5
0739bcbaf96687353917cf3d1f57b8ea

SHA1
66a297677e9ca5528ebd5c4088b6ba3b0851e043

SHA256
12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9

SHA512
0bf0b9fb5258c6da1f8de1398df7eb1c9a20a03c48fca9aa65e35dd0cc03a56abc8ffa60c03e37ff326032a02bb05bea3eeca6b3a0eeedf483daf7deadd4f51d

Download Submit
C:\Windows\System\smss.exe

Filesize
48KB

MD5
0739bcbaf96687353917cf3d1f57b8ea

SHA1
66a297677e9ca5528ebd5c4088b6ba3b0851e043

SHA256
12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9

SHA512
0bf0b9fb5258c6da1f8de1398df7eb1c9a20a03c48fca9aa65e35dd0cc03a56abc8ffa60c03e37ff326032a02bb05bea3eeca6b3a0eeedf483daf7deadd4f51d

Download Submit
C:\Windows\system\smss.exe

Filesize
48KB

MD5
0739bcbaf96687353917cf3d1f57b8ea

SHA1
66a297677e9ca5528ebd5c4088b6ba3b0851e043

SHA256
12302cd615c4b963aeb94bc716d144aa1207f06b7b6c7aadb96e2cbc26cfa8c9

SHA512
0bf0b9fb5258c6da1f8de1398df7eb1c9a20a03c48fca9aa65e35dd0cc03a56abc8ffa60c03e37ff326032a02bb05bea3eeca6b3a0eeedf483daf7deadd4f51d

Download Submit
memory/2324-140-0x0000000014000000-0x000000001401F000-memory.dmp

Filesize
124KB

Download
memory/3196-132-0x0000000014000000-0x000000001401F000-memory.dmp

Filesize
124KB

Download
memory/3196-134-0x0000000014000000-0x000000001401F000-memory.dmp

Filesize
124KB

Download
memory/4952-139-0x0000000014000000-0x000000001401F000-memory.dmp

Filesize
124KB

Download