3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e

Analysis

max time kernel
158s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 21:35

Target

3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe
Size

194KB
MD5

a03358f4492b02e28e9f25077fd0c830
SHA1

9b94fbd661376fac906496f6eb699bd0cefa62a5
SHA256

3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e
SHA512

dede2532809555aaa3e1cbb34813258737fcf7185bd7528f7fbc1b7aca33a89773b9d49eebb92debd5c1c260dd44e6f51cf2777d49f8ba8b2966b85499a77046
SSDEEP

3072:sdmtrAHFRpxvMDk67fXf4b2IEUAEWkGps2NQKPWDyDRepJltZrpRSfH7:s4UHFnuDk67fe2xNSDyDRothpQz

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
896	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.com

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\kernel.dll	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe
File created	C:\Windows\kernel.dll	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe
File created	C:\Windows\svchost.exe	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4480	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe
4480	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 896	4480	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe	82
PID 4480 wrote to memory of 896	4480	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe	82
PID 4480 wrote to memory of 896	4480	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe	82
PID 4480 wrote to memory of 1084	4480	3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.exe	52

C:\Users\Admin\AppData\Local\Temp\3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.com

Filesize
105KB

MD5
42483c66763e093d1bb8601d41a842a5

SHA1
7a9dcf30a949e2816b9951f1abfe45d200c6041e

SHA256
2d0900fdb9f8201ef9127abe36f2390a0969267e43d5c71cbff2485f17f9a47c

SHA512
355de927f53a7c7a0649606dd4cd7742f9ef69dac8062f13b1b730839c591e2595484569f420417cf601b30761166c2c2931c7c265ea088a7b813099f5af5f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\3663c761f1184a71f9080ff1b7ffea6d690ccef1758e05826068c51188b1b27e.com

Filesize
105KB

MD5
42483c66763e093d1bb8601d41a842a5

SHA1
7a9dcf30a949e2816b9951f1abfe45d200c6041e

SHA256
2d0900fdb9f8201ef9127abe36f2390a0969267e43d5c71cbff2485f17f9a47c

SHA512
355de927f53a7c7a0649606dd4cd7742f9ef69dac8062f13b1b730839c591e2595484569f420417cf601b30761166c2c2931c7c265ea088a7b813099f5af5f95

Download Submit