4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f

Analysis

max time kernel
119s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 16:38

Target

4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe
Size

92KB
MD5

a030af21e7981fece5ac140e580aff24
SHA1

23654607a6f3597643a84eb4bce6b1858deac52f
SHA256

4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f
SHA512

a8f24728dfc6b3395c5ac031a9432bd226fa455249ed9d4fd1155b89ca0d7337f81e86fd5994c716ade6225ba3d3b7d0baa6e8a3f102d580210f20e4e398dcb2
SSDEEP

1536:jfsRrCqzTIg692VvSpgmoUNQ4D14tOvuZAluju:jfsRJR69WvUgm1/FuZAluju

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1136	1.exe-crypted.exe.ucc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5072	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 1136	5072	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe	84
PID 5072 wrote to memory of 1136	5072	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe	84
PID 5072 wrote to memory of 1136	5072	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe	84
PID 1136 wrote to memory of 760	1136	1.exe-crypted.exe.ucc.exe	25
PID 1136 wrote to memory of 760	1136	1.exe-crypted.exe.ucc.exe	25
PID 1136 wrote to memory of 760	1136	1.exe-crypted.exe.ucc.exe	25
PID 1136 wrote to memory of 760	1136	1.exe-crypted.exe.ucc.exe	25
PID 1136 wrote to memory of 760	1136	1.exe-crypted.exe.ucc.exe	25
PID 1136 wrote to memory of 760	1136	1.exe-crypted.exe.ucc.exe	25

C:\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe

Filesize
28KB

MD5
781b2b39db867ac8f2d3fb186b2f092b

SHA1
5e6f963bcf788e6301ace9a639d59c3091f05a6c

SHA256
ee39c328fe46eb0721fa0e0c72d0db22c5cf284aa28f3df6a8e4120a7c33257c

SHA512
c565d51a20b065292cad3202ef38ada12a50d0030eb3b2f51771d3f4a1bba92133dc739e18d11ae7bc1a8cd7ef1833e9136469144921ed250bdc463926612e73

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe

Filesize
28KB

MD5
781b2b39db867ac8f2d3fb186b2f092b

SHA1
5e6f963bcf788e6301ace9a639d59c3091f05a6c

SHA256
ee39c328fe46eb0721fa0e0c72d0db22c5cf284aa28f3df6a8e4120a7c33257c

SHA512
c565d51a20b065292cad3202ef38ada12a50d0030eb3b2f51771d3f4a1bba92133dc739e18d11ae7bc1a8cd7ef1833e9136469144921ed250bdc463926612e73

Download Submit
memory/760-137-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

Filesize
24KB

Download
memory/1136-139-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1136-138-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download