c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867

Analysis

max time kernel
148s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 11:23

Target

c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867.exe
Size

18KB
MD5

ae59c0e29b92cb6ab4d83e13f801fdb2
SHA1

6133d89dd348a69e7a7ebb14d399b9cb37cbe9b7
SHA256

c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867
SHA512

a97f3d0acef229f95e214e344d5346916d4a00a7e47319a4e72c9938b31daa61fec6eb2881c6aceaa6a56f920ebd8d5e169d79e2332263b155060f99e9eca902
SSDEEP

384:Gc5J6z2MgeOWdntbSEoujkBWd9/11Q/MioH7wDY14CNBn9LkYBYFl9JOG:n5J6iMgnWptb+6uW1ooH7wDY14CNBn9W

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WinHvqf32.exe	c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867.exe
File opened for modification	C:\Windows\SysWOW64\WinHvqf32.exe	c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 4152	4108	c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867.exe	80
PID 4108 wrote to memory of 4152	4108	c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867.exe	80
PID 4108 wrote to memory of 4152	4108	c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867.exe	80

C:\Users\Admin\AppData\Local\Temp\c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867.exe
"C:\Users\Admin\AppData\Local\Temp\c98096b89a98f0392aa0d94b38ad588bdc49dcc74028eac38d41d8caf62e2867.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Windows\SysWOW64\WinHvqf32.exe
  "C:\Windows\system32\WinHvqf32.exe"
  2⤵
  PID:4152