931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 23:32

Target

931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe
Size

652KB
MD5

a35eb0ce918d12a5ded738fc37228b60
SHA1

d0d6e2d06579063f010c5d49e65cdb403bd5ad55
SHA256

931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a
SHA512

ee72c46814b39e00d40f031a818b50fcc55362ad67481b85e3ab84028bc051fa7ea25646ecb324b242db0151e1cccff0b85239ae0987b02bbac5a6697df848d5
SSDEEP

6144:s4UHFnuDk67fe2GzqOxLfPcvgKVPlw9ayXlw9ayK18CRRVMMMMMM2MMMMMS:6luDk67Sz3zKQeW1zRRaMMMMM2MMMMMS

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4056	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.com

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\kernel.dll	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe
File created	C:\Windows\svchost.exe	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe
File opened for modification	C:\Windows\kernel.dll	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4644	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe
4644	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 4056	4644	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe	82
PID 4644 wrote to memory of 4056	4644	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe	82
PID 4644 wrote to memory of 4056	4644	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe	82
PID 4644 wrote to memory of 2832	4644	931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.exe	38

C:\Users\Admin\AppData\Local\Temp\931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.com

Filesize
564KB

MD5
e49e7402d84fe5664b4227628dd7477a

SHA1
9d3788cd8821a6ef27d9e5569fed2b3d918e90af

SHA256
a31433ebc0d6d0f6224ac6fdc066307ebafe2c6a9b7c89ef50e2e3a0c4a61161

SHA512
3cf4c34b270f93c385bbea790426b9061bb23716426d74d8caf445e3cb6e2b53a0f55fc08660854714ca43131aa50139b32b5b5ba5324f38a15b8039b87f59c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\931c1f45cf7eb2a1ca9be13ec891b98d546cb2019eee2319b48ceafe23c08f4a.com

Filesize
564KB

MD5
e49e7402d84fe5664b4227628dd7477a

SHA1
9d3788cd8821a6ef27d9e5569fed2b3d918e90af

SHA256
a31433ebc0d6d0f6224ac6fdc066307ebafe2c6a9b7c89ef50e2e3a0c4a61161

SHA512
3cf4c34b270f93c385bbea790426b9061bb23716426d74d8caf445e3cb6e2b53a0f55fc08660854714ca43131aa50139b32b5b5ba5324f38a15b8039b87f59c1

Download Submit
memory/4056-132-0x0000000000000000-mapping.dmp

Download