fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927

Analysis

max time kernel
145s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 04:48

Target

fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927.exe
Size

28KB
MD5

0e625166f6d37d099145f035526c20bf
SHA1

f714112a833dedd08ddcaf1c3a4fb0885ef24eb9
SHA256

fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927
SHA512

246456bd90c068fb5a96cabb4f938d2479c5ce3eaacfa837f7a5f134619d9d2c80014a47749f71791d1a7da71f86da0947344dabff97ef05584ae899cc1f4f7d
SSDEEP

768:kcmBKzyh2AQd2HM6sgSxGhZDKKLkGWSq6Nn1Uau:vmBIyad2dsgYcZDdLkLShn1Ub

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4644	NTdhcp.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\NTdhcp.exe	fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927.exe
File opened for modification	C:\Windows\SysWOW64\NTdhcp.exe	fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927.exe
File opened for modification	C:\Windows\SysWOW64\NTdhcp.exe	NTdhcp.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 4644	4248	fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927.exe	79
PID 4248 wrote to memory of 4644	4248	fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927.exe	79
PID 4248 wrote to memory of 4644	4248	fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927.exe	79

C:\Windows\SysWOW64\NTdhcp.exe

Filesize
28KB

MD5
0e625166f6d37d099145f035526c20bf

SHA1
f714112a833dedd08ddcaf1c3a4fb0885ef24eb9

SHA256
fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927

SHA512
246456bd90c068fb5a96cabb4f938d2479c5ce3eaacfa837f7a5f134619d9d2c80014a47749f71791d1a7da71f86da0947344dabff97ef05584ae899cc1f4f7d

Download Submit
C:\Windows\SysWOW64\NTdhcp.exe

Filesize
28KB

MD5
0e625166f6d37d099145f035526c20bf

SHA1
f714112a833dedd08ddcaf1c3a4fb0885ef24eb9

SHA256
fb41f13c0b518c7cf6dd9dcec04b757e55e26cb7d1da0b42ae05d34a9060b927

SHA512
246456bd90c068fb5a96cabb4f938d2479c5ce3eaacfa837f7a5f134619d9d2c80014a47749f71791d1a7da71f86da0947344dabff97ef05584ae899cc1f4f7d

Download Submit
memory/4248-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4248-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4248-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4644-134-0x0000000000000000-mapping.dmp

Download
memory/4644-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4644-138-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download