5987636ab9e7a26734f0c9d44e384486393328f0978ad80e84d2decdf047289c

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2023 19:54

Target

5987636ab9e7a26734f0c9d44e384486393328f0978ad80e84d2decdf047289c.exe
Size

5.2MB
MD5

d9920a2d3cc4e46c6ff025173620e60e
SHA1

5244082b0f08b83779842ed930e264c9ddd1711e
SHA256

5987636ab9e7a26734f0c9d44e384486393328f0978ad80e84d2decdf047289c
SHA512

f1d5610571749ae0878a32ad261a9b76044982cd6cac9d98f6bfc28d2aae344cf1676710177705d3add81ad0697565b3208e69dcf46b780af4875e1acb2cc54d
SSDEEP

98304:aF6tXJ76phGq8h9wRDptYlJTPd3bcvdu+tZt8KQFzNDJcb/oDtnNb67:awtXdSSwRtOzDevdrt8KQHVOihJ

Score

5^/10

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1F4B24E6-EAB9-4EFE-A7CD-AEDEF98805C1}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{370C1AEB-2C34-42BA-8056-73A3705A572B}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{EBBD38C1-57FC-4487-B2BF-805D78BDBF79}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{95DE4C98-0419-4D2F-AA4C-D061A272F970}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{7934A07C-DCEA-4216-A8B0-23A128113E3E}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{602A5BDE-3711-495D-A1F4-330107679C84}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B3EFE417-0E07-4794-AEF6-E2F936ED5DE7}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F4BC6676-BD7D-4046-B9C9-05608B9AFA03}.catalogItem	svchost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4136	5987636ab9e7a26734f0c9d44e384486393328f0978ad80e84d2decdf047289c.exe
4136	5987636ab9e7a26734f0c9d44e384486393328f0978ad80e84d2decdf047289c.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4136	5987636ab9e7a26734f0c9d44e384486393328f0978ad80e84d2decdf047289c.exe

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:368

memory/4136-133-0x00007FFB030F0000-0x00007FFB030F2000-memory.dmp

Filesize
8KB

Download
memory/4136-134-0x00007FFB03100000-0x00007FFB03102000-memory.dmp

Filesize
8KB

Download
memory/4136-135-0x00007FFB01190000-0x00007FFB01192000-memory.dmp

Filesize
8KB

Download
memory/4136-136-0x00007FFB011A0000-0x00007FFB011A2000-memory.dmp

Filesize
8KB

Download
memory/4136-139-0x00007FF6CF100000-0x00007FF6CF647000-memory.dmp

Filesize
5.3MB

Download
memory/4136-138-0x00007FFB00B00000-0x00007FFB00B02000-memory.dmp

Filesize
8KB

Download
memory/4136-137-0x00007FFB00AF0000-0x00007FFB00AF2000-memory.dmp

Filesize
8KB

Download