3a2a3992ff13289b02262640556daf43bbd3be64fba43e0329307b4e60d7265c

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 23:58

Target

3a2a3992ff13289b02262640556daf43bbd3be64fba43e0329307b4e60d7265c.exe
Size

361KB
MD5

1754d4765a05e4637d2dcdbd1c28eaf1
SHA1

227b37d48ae4647220f632993a6c6954c62e7371
SHA256

3a2a3992ff13289b02262640556daf43bbd3be64fba43e0329307b4e60d7265c
SHA512

9ee7d9a3a7316a8014151cd280e135d85e3d26d504e5bf698ad309b20d92616bb35e20367d83c548e1144960580acbaa69bb7c9be0e1bb6acddedfa904898785
SSDEEP

6144:x6qq0vmHWIBQyPiD6RstlozpHs8SQKjsLxtVJsIMLFLG5lDPGauc3:sJbBZPimRsb8pHs8SQYMnsIMLFLG5lDG

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4892	HPyyyDvJpbeQDMT.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\2ete64.vas	Process not Found
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\2ete64.vas	Process not Found

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\HPyyyDvJpbeQDMT.exe	3a2a3992ff13289b02262640556daf43bbd3be64fba43e0329307b4e60d7265c.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
4892	HPyyyDvJpbeQDMT.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4892	4988	3a2a3992ff13289b02262640556daf43bbd3be64fba43e0329307b4e60d7265c.exe	82
PID 4988 wrote to memory of 4892	4988	3a2a3992ff13289b02262640556daf43bbd3be64fba43e0329307b4e60d7265c.exe	82
PID 4988 wrote to memory of 4892	4988	3a2a3992ff13289b02262640556daf43bbd3be64fba43e0329307b4e60d7265c.exe	82
PID 768 wrote to memory of 1604	768	Process not Found	88
PID 768 wrote to memory of 1604	768	Process not Found	88

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:1604

C:\Windows\HPyyyDvJpbeQDMT.exe

Filesize
361KB

MD5
1754d4765a05e4637d2dcdbd1c28eaf1

SHA1
227b37d48ae4647220f632993a6c6954c62e7371

SHA256
3a2a3992ff13289b02262640556daf43bbd3be64fba43e0329307b4e60d7265c

SHA512
9ee7d9a3a7316a8014151cd280e135d85e3d26d504e5bf698ad309b20d92616bb35e20367d83c548e1144960580acbaa69bb7c9be0e1bb6acddedfa904898785

Download Submit
C:\Windows\HPyyyDvJpbeQDMT.exe

Filesize
361KB

MD5
1754d4765a05e4637d2dcdbd1c28eaf1

SHA1
227b37d48ae4647220f632993a6c6954c62e7371

SHA256
3a2a3992ff13289b02262640556daf43bbd3be64fba43e0329307b4e60d7265c

SHA512
9ee7d9a3a7316a8014151cd280e135d85e3d26d504e5bf698ad309b20d92616bb35e20367d83c548e1144960580acbaa69bb7c9be0e1bb6acddedfa904898785

Download Submit
memory/768-140-0x000001E5C8FC0000-0x000001E5C8FF1000-memory.dmp

Filesize
196KB

Download
memory/768-141-0x000001E5C9A00000-0x000001E5C9A36000-memory.dmp

Filesize
216KB

Download
memory/4892-138-0x0000000002040000-0x00000000020B5000-memory.dmp

Filesize
468KB

Download
memory/4892-139-0x0000000000400000-0x00000000004741F0-memory.dmp

Filesize
464KB

Download
memory/4988-132-0x0000000000400000-0x00000000004741F0-memory.dmp

Filesize
464KB

Download
memory/4988-136-0x0000000000400000-0x00000000004741F0-memory.dmp

Filesize
464KB

Download