cc375ffe6dbc06f15ab3d10298cd4687d9dd9073abda946278690bf85364a958

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 09:38

Target

cc375ffe6dbc06f15ab3d10298cd4687d9dd9073abda946278690bf85364a958.exe
Size

451KB
MD5

8225705e91eb665f94aae09ac53825fd
SHA1

d8e7691b96eb143d5899cb384e8b91ad052f1140
SHA256

cc375ffe6dbc06f15ab3d10298cd4687d9dd9073abda946278690bf85364a958
SHA512

31c1fce6a6a08656073b0d7416fc7add7252c8077804fe6367368174ae61ee1369bc9310754ebba17f7263d52317760ebeedee9cee39a747c292ccc61a9bfa59
SSDEEP

6144:yvaqS4IR/kviXzd4twM19AwCflNKBek0egb3CZF8/yoYZeiEzK4NKzLBM4cUvpS1:B/kviXzdtmJwNKBekM3GoYTEDeBf40w

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1916	hpigpwdrymrp.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1916	hpigpwdrymrp.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1916	hpigpwdrymrp.exe
1916	hpigpwdrymrp.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 1916	4812	cc375ffe6dbc06f15ab3d10298cd4687d9dd9073abda946278690bf85364a958.exe	83
PID 4812 wrote to memory of 1916	4812	cc375ffe6dbc06f15ab3d10298cd4687d9dd9073abda946278690bf85364a958.exe	83

C:\Users\Admin\AppData\Local\Temp\cc375ffe6dbc06f15ab3d10298cd4687d9dd9073abda946278690bf85364a958.exe
"C:\Users\Admin\AppData\Local\Temp\cc375ffe6dbc06f15ab3d10298cd4687d9dd9073abda946278690bf85364a958.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Users\Admin\AppData\Local\Temp\hpigpwdrymrp.exe
  "C:\Users\Admin\AppData\Local\Temp\\hpigpwdrymrp.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1916

C:\Users\Admin\AppData\Local\Temp\hpigpwdrymrp.exe

Filesize
11KB

MD5
8a1240360271b11d7be8e579c8aae55a

SHA1
d5f399cea2aae630772f1090c83b3e3353ed833f

SHA256
81b9fdc86475fe81c05f0feeef0b233e1386802a57c7050f63409181b5feb827

SHA512
f1baf606ef670a94467962d95ab21fcb7257acdc5409d1430d15c2bc03bf7391f76c37a657f9cb0e7420a1cf3c34d430b022e1932701cad4504e7c2f08d0ac81

Download Submit
C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
451KB

MD5
8225705e91eb665f94aae09ac53825fd

SHA1
d8e7691b96eb143d5899cb384e8b91ad052f1140

SHA256
cc375ffe6dbc06f15ab3d10298cd4687d9dd9073abda946278690bf85364a958

SHA512
31c1fce6a6a08656073b0d7416fc7add7252c8077804fe6367368174ae61ee1369bc9310754ebba17f7263d52317760ebeedee9cee39a747c292ccc61a9bfa59

Download Submit
memory/1916-134-0x00007FFA52340000-0x00007FFA52D76000-memory.dmp

Filesize
10.2MB

Download
memory/1916-136-0x000000000116A000-0x000000000116F000-memory.dmp

Filesize
20KB

Download
memory/1916-137-0x000000000116A000-0x000000000116F000-memory.dmp

Filesize
20KB

Download