e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b

Analysis

max time kernel
138s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 04:19

Target

e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe
Size

146KB
MD5

79559c3824adbfb4a049e45acdd0c430
SHA1

279b481a18511e5bc3f91ac880002ccb6dd85fd8
SHA256

e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b
SHA512

c02b74e57896b70279bf377c56508aa2d830fcfd58ba932dbd97491e1e2a0edd3fa98b76c3601f582d3b5b232d77b163cce8680cd7b74485a9eaf7a7eb644d0a
SSDEEP

3072:NYGu635vCsNaoIYtpRc2vNQ8Uv5Z8eSIeOC9MC5Q96AaQdDCeV3:jf5fDpPv6JYeSzOlaYDBV3

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
4656	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wmdrtc32.dl_	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe
File created	C:\Windows\SysWOW64\wmdrtc32.dll	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SYSTEM.INI	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4656	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4796	4656	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe	82
PID 4656 wrote to memory of 4796	4656	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe	82
PID 4656 wrote to memory of 4796	4656	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe	82
PID 4656 wrote to memory of 4796	4656	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe	82
PID 4656 wrote to memory of 4796	4656	e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe	82

C:\Windows\SysWOW64\wmdrtc32.dll

Filesize
40KB

MD5
03ebc053c8eec6b4f4afbbb5dc64b169

SHA1
9ed172dbce1a6a1dd20e08a9720afba210eee79c

SHA256
ad25714f5c7eb2e27742b5e0886e865fc8884e8b65cb863d2aeba0c6dbff2d02

SHA512
40eab99574ea6614341b869239b014a74cdc24da0c4be69681eaab18de72bbef14ad4cf36215e39eff4978b8ed074762ce25bb85a042219ac5db5cb46390e9ff

Download Submit
memory/4656-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4656-134-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4656-135-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4656-138-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4656-139-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download