840d8549a5d026fc64021e9b029fde0c036b18a8d9e573457df5e70854795aa4

Analysis

max time kernel
263s
max time network
342s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 22:56

Target

840d8549a5d026fc64021e9b029fde0c036b18a8d9e573457df5e70854795aa4.exe
Size

25KB
MD5

b65d583afa56850da92aa5096b9eef44
SHA1

0af589069dc1cce4cb17f72996c4b32d38ab8d09
SHA256

840d8549a5d026fc64021e9b029fde0c036b18a8d9e573457df5e70854795aa4
SHA512

960a47edcdb905dad8db52dd09660b15eb7df6033966d3dc672e64e7b79afe80a5d0fc9ccbc4cae0b2b5a58e32a6f7870ec03c934532b979b81b4d1b52113c2b
SSDEEP

384:G5BsVOR/cxOq9V7hVrP8wB7D85Yjh6HIoggJe6YVFa:yWVCExO8V7EwBH8qjhiH06YVF

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1288	gxotghmv.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1288	1908	840d8549a5d026fc64021e9b029fde0c036b18a8d9e573457df5e70854795aa4.exe	81
PID 1908 wrote to memory of 1288	1908	840d8549a5d026fc64021e9b029fde0c036b18a8d9e573457df5e70854795aa4.exe	81
PID 1908 wrote to memory of 1288	1908	840d8549a5d026fc64021e9b029fde0c036b18a8d9e573457df5e70854795aa4.exe	81

C:\Users\Admin\AppData\Local\Temp\840d8549a5d026fc64021e9b029fde0c036b18a8d9e573457df5e70854795aa4.exe
"C:\Users\Admin\AppData\Local\Temp\840d8549a5d026fc64021e9b029fde0c036b18a8d9e573457df5e70854795aa4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\gxotghmv.exe
  gxotghmv.exe
  2⤵
  - Executes dropped EXE
  PID:1288

C:\Users\Admin\AppData\Local\Temp\gxotghmv.exe

Filesize
804.1MB

MD5
f7a1e0380342db485b33515f26018b6b

SHA1
413743cecd9e97a56cbcc26af4b4e604d45dc200

SHA256
3d6e617127485000c976bcf6ebe20224e8994907c289a0f2bbd25f64349bf75e

SHA512
0e8c89fd5498de90f27cfabd3992cfc58ba846a298d07a754c63c7c317846cc10f21191e69ed77a630f49d74c3d681be751bc4a7c2eb1701fc6cbd96b26e2383

Download Submit
C:\Users\Admin\AppData\Local\Temp\gxotghmv.exe

Filesize
583.7MB

MD5
cbb3901d9a5aba4efe71a46cf04186d0

SHA1
5033fe67f3cb8e4985460c4102e5a3472536b833

SHA256
0ccded657c2f9c309fa5ea1c8364296fef3940b03cca5689bf4ffaf5afea246e

SHA512
01c814fdee0c5903431f26be532e89ec7b88c44d3ef6b6f56858d60547abdeb1fd4a3d7fb5c2d1e34e7c575bfbde75f8cb42ab873e7d00fa59d4983b5edc7521

Download Submit
C:\evorisss.exe

Filesize
636.1MB

MD5
bab2ba019383ade97ba2686703cae3c0

SHA1
0fa028db3f224ebed3383d77ff5249c76fbbaaf6

SHA256
393fde4a16c449acbb69990ed0faed45e1acd85ee4d1fe3bb8320fab5fdc1870

SHA512
6b76dfe51c2b8402351d287bfc2dc5afd3076c4b853abd73f3e623de5a62daa4e09ce02a758379a23e8521f6ceac96ee574c89acc981b9f87b9f1fa95863f521

Download Submit
memory/1288-137-0x00000000001A0000-0x00000000001D0000-memory.dmp

Filesize
192KB

Download
memory/1908-132-0x00000000001D0000-0x0000000000200000-memory.dmp

Filesize
192KB

Download