e0415fdb84c6717059cc6893b78fb106d655c297d543e3bba84a25820e6368cd

Analysis

max time kernel
166s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2022, 06:25

Target

e0415fdb84c6717059cc6893b78fb106d655c297d543e3bba84a25820e6368cd.exe
Size

468KB
MD5

3ea4a603d8682903f1158886ee4be057
SHA1

b99723d2c9c32eed437e8bcf545ecc73306c9f79
SHA256

e0415fdb84c6717059cc6893b78fb106d655c297d543e3bba84a25820e6368cd
SHA512

ca7f928236c668f17dd44671bf3347e92e63cefdde59a3f85bacecabc336be47215ced0545d08acad1495b7eda35b8b0474d66da64db1a7e1ffbffb1c21560e4
SSDEEP

12288:ZYeUJAy8nnHpMWI1W2o1ZgeH1JMnljQB2inK5:6JAyinH2rW2odVAug

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1568	ydlysekerzci.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1568	ydlysekerzci.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1568	ydlysekerzci.exe
1568	ydlysekerzci.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 1568	1536	e0415fdb84c6717059cc6893b78fb106d655c297d543e3bba84a25820e6368cd.exe	82
PID 1536 wrote to memory of 1568	1536	e0415fdb84c6717059cc6893b78fb106d655c297d543e3bba84a25820e6368cd.exe	82

C:\Users\Admin\AppData\Local\Temp\e0415fdb84c6717059cc6893b78fb106d655c297d543e3bba84a25820e6368cd.exe
"C:\Users\Admin\AppData\Local\Temp\e0415fdb84c6717059cc6893b78fb106d655c297d543e3bba84a25820e6368cd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Users\Admin\AppData\Local\Temp\ydlysekerzci.exe
  "C:\Users\Admin\AppData\Local\Temp\\ydlysekerzci.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1568

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
468KB

MD5
3ea4a603d8682903f1158886ee4be057

SHA1
b99723d2c9c32eed437e8bcf545ecc73306c9f79

SHA256
e0415fdb84c6717059cc6893b78fb106d655c297d543e3bba84a25820e6368cd

SHA512
ca7f928236c668f17dd44671bf3347e92e63cefdde59a3f85bacecabc336be47215ced0545d08acad1495b7eda35b8b0474d66da64db1a7e1ffbffb1c21560e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ydlysekerzci.exe

Filesize
17KB

MD5
a496226166890a5dac20fe739a454648

SHA1
ef5a76483e04fc9de642a0970cb132f72fd5c12e

SHA256
6bc25cf53dd76c9be6a96e4706e47e037dcfb1636e31a0ea8dd4813f11dbd024

SHA512
b882799c5aa1c8914d5bb1b04a34fdd3175a30db903783a2027cc8b60bf63bd08a86281101e1190c428a53ac354fe258ff8721452823357a563401c2198a959f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ydlysekerzci.exe

Filesize
17KB

MD5
a496226166890a5dac20fe739a454648

SHA1
ef5a76483e04fc9de642a0970cb132f72fd5c12e

SHA256
6bc25cf53dd76c9be6a96e4706e47e037dcfb1636e31a0ea8dd4813f11dbd024

SHA512
b882799c5aa1c8914d5bb1b04a34fdd3175a30db903783a2027cc8b60bf63bd08a86281101e1190c428a53ac354fe258ff8721452823357a563401c2198a959f

Download Submit
memory/1568-135-0x00007FFC5C010000-0x00007FFC5CA46000-memory.dmp

Filesize
10.2MB

Download
memory/1568-137-0x00000000017FA000-0x00000000017FF000-memory.dmp

Filesize
20KB

Download
memory/1568-138-0x00000000017FA000-0x00000000017FF000-memory.dmp

Filesize
20KB

Download