d3cdb0e7776cdc61033a980d29adfdd533ce23297dba8c795f5fdd82e280afa0

Analysis

max time kernel
141s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2023 18:29

Target

d3cdb0e7776cdc61033a980d29adfdd533ce23297dba8c795f5fdd82e280afa0.exe
Size

120KB
MD5

be10e9ac2296b665f1f212f1e07b31eb
SHA1

d561170f56ceb33486bb25101b61c2c4304b8fc4
SHA256

d3cdb0e7776cdc61033a980d29adfdd533ce23297dba8c795f5fdd82e280afa0
SHA512

47b85b5337879cd203088db9de46d42298db2149de27cde34d43f6d62390e30ce7d3565fc9cc9745cdd2b8c9432bec777e12c041037c3dfdf89d446c69dc3e8a
SSDEEP

1536:LNUTKAK5b+m6OAlzxve5RSKrj43gYquXUW69mbPGHPgMEHavK6UelWuM:Lafeb+mzADwRuQYqfcbuPE6S6W

Score

5^/10

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5D2D4E92-02AD-42AB-9F41-E6B0AB6E7774}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6DB9F59E-D876-49CE-8999-8FC51B4710C6}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5F537BDB-B8E9-45EB-8130-F74F3E946C6F}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{3D081365-1DAA-4C54-98D3-41EB446A9F66}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{4CCB5016-0AB8-4F80-9AC6-E56477E1C38A}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2C20DE9D-4D9C-429C-B9CB-4EBB009E586A}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{AA464EEC-701D-4038-AC4C-F68BAF5A946B}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{505F417C-6721-46DE-9DAE-2391BD3CD319}.catalogItem	svchost.exe

C:\Users\Admin\AppData\Local\Temp\d3cdb0e7776cdc61033a980d29adfdd533ce23297dba8c795f5fdd82e280afa0.exe
"C:\Users\Admin\AppData\Local\Temp\d3cdb0e7776cdc61033a980d29adfdd533ce23297dba8c795f5fdd82e280afa0.exe"
1⤵
PID:4868

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:3768

memory/4868-134-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4868-133-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4868-135-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download