0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 10:59

Target

0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833.exe
Size

135KB
MD5

64a601b2793cbc0f67a874e2933e8570
SHA1

5bca5925be878bd415c6107ff7bfea8f698789a3
SHA256

0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833
SHA512

206f82f426b7668a6819668e9ed55162148f0913e0c9d96aa3fe564c1802ffa3ac642ba32504ce2c219032e68dc4ec53120b75791adbff33ce6f72cce4b725fc
SSDEEP

3072:QvuN8cr40md6Mncho4A/BMEPuRhVaaBo0fout:QvuN8C9md6Acho48BbMVNTfoS

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4892	msprxysvc32.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msprxysvc32.exe	0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe
File created	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 4892	4756	0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833.exe	81
PID 4756 wrote to memory of 4892	4756	0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833.exe	81
PID 4756 wrote to memory of 4892	4756	0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833.exe	81
PID 4892 wrote to memory of 112	4892	msprxysvc32.exe	86
PID 4892 wrote to memory of 112	4892	msprxysvc32.exe	86
PID 4892 wrote to memory of 112	4892	msprxysvc32.exe	86

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
136B

MD5
bfcf9cc6d1c37953dfa43312e2c36140

SHA1
07a4c0f29b282c34be24c312c4b920e479f4cee0

SHA256
bac7cce52aeba3a2e2ce2bb6aebf50ffa65530d0d51ca49a2abc7f4e43ce3ce5

SHA512
fb661474557e7168d4050607863b57649fa12a26ab9bd06078ae3254d003d76cfed4eac3d0a78a56eaf0ecc5b231d52788b6c8688cb14b0c86a37efe90f5f53a

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
64a601b2793cbc0f67a874e2933e8570

SHA1
5bca5925be878bd415c6107ff7bfea8f698789a3

SHA256
0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833

SHA512
206f82f426b7668a6819668e9ed55162148f0913e0c9d96aa3fe564c1802ffa3ac642ba32504ce2c219032e68dc4ec53120b75791adbff33ce6f72cce4b725fc

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
64a601b2793cbc0f67a874e2933e8570

SHA1
5bca5925be878bd415c6107ff7bfea8f698789a3

SHA256
0bd6ea17421d453b75d114113d4ad71c36640e1c3f8efeda87bcc23c8a857833

SHA512
206f82f426b7668a6819668e9ed55162148f0913e0c9d96aa3fe564c1802ffa3ac642ba32504ce2c219032e68dc4ec53120b75791adbff33ce6f72cce4b725fc

Download Submit
memory/4756-132-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4756-136-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4892-137-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4892-139-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download