e5818ba20d5670d14b818ad0b91bb5014b3e24eff0907092610b9258d12839fa

Analysis

max time kernel
249s
max time network
264s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 13:03

Target

e5818ba20d5670d14b818ad0b91bb5014b3e24eff0907092610b9258d12839fa.exe
Size

139KB
MD5

ff0f339c3895584cf9b6bfcb9e1c1dab
SHA1

fb5df497fde74e83bbe65af77733ca7269a9e46b
SHA256

e5818ba20d5670d14b818ad0b91bb5014b3e24eff0907092610b9258d12839fa
SHA512

54eba5d01f48dc5b746a689f8872994fe1551595a1665a8eae7c75ec5c7d8e85c0f66958a6a1454087c12eaf785b353eb912c2a7b9b4a21311472b95d90df154
SSDEEP

3072:RlB+fOqTNO/6GwCuDAUyJLywt7mmjlowz7TBfVlyOKWfTz:Rlk2Ug3t1mmjb7TBtlyOKWfT

Score

5^/10

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\clean.config	e5818ba20d5670d14b818ad0b91bb5014b3e24eff0907092610b9258d12839fa.exe
File created	C:\Windows\SysWOW64\clean58ad-7382.sys	e5818ba20d5670d14b818ad0b91bb5014b3e24eff0907092610b9258d12839fa.exe
File created	C:\Windows\SysWOW64\clean.config	e5818ba20d5670d14b818ad0b91bb5014b3e24eff0907092610b9258d12839fa.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
652	Process not Found

C:\Users\Admin\AppData\Local\Temp\e5818ba20d5670d14b818ad0b91bb5014b3e24eff0907092610b9258d12839fa.exe
"C:\Users\Admin\AppData\Local\Temp\e5818ba20d5670d14b818ad0b91bb5014b3e24eff0907092610b9258d12839fa.exe"
1⤵
- Drops file in System32 directory
PID:4140