20c383558e3e3d7d04e524933191ae57e7f1454a54ac3cc8e93fef902efbe2d2

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2023, 18:01

Target

ffca2ea98d6778exeexeexeex.exe
Size

408KB
MD5

ffca2ea98d6778c0cb1a343a8fd71102
SHA1

e9888aa7ecbb6b720bde0c41e8c8649a16206958
SHA256

20c383558e3e3d7d04e524933191ae57e7f1454a54ac3cc8e93fef902efbe2d2
SHA512

a3ccd5029e02663f1fb276316ec909e6b39a2db0e43c422e7f92076782b403061939d157e1d027f9c6451e6e1c5ef6f26998e3e021c00df583b13276adb81f2d
SSDEEP

12288:cplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:oxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3192	progress.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\agreement\progress.exe	ffca2ea98d6778exeexeexeex.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 3192	3096	ffca2ea98d6778exeexeexeex.exe	86
PID 3096 wrote to memory of 3192	3096	ffca2ea98d6778exeexeexeex.exe	86
PID 3096 wrote to memory of 3192	3096	ffca2ea98d6778exeexeexeex.exe	86

C:\Program Files\agreement\progress.exe

Filesize
408KB

MD5
59ba3a37eadaf2f819ecc66621a0c55a

SHA1
3d8c83e7cfc5eda111ff84532d3286b6dff53f1e

SHA256
1bcf8bdac259eb16257d8921a1992fe65f398165bdeddf4b825fe3312dcca942

SHA512
e0f8bbf63c2a57999afd61572ee236fcaad04a593842e5e4df23513afffcecc4c397e759aeff9560c8ac1d51ae09a7c2976674388b0722460cd61cc17c2113f4

Download Submit
C:\Program Files\agreement\progress.exe

Filesize
408KB

MD5
59ba3a37eadaf2f819ecc66621a0c55a

SHA1
3d8c83e7cfc5eda111ff84532d3286b6dff53f1e

SHA256
1bcf8bdac259eb16257d8921a1992fe65f398165bdeddf4b825fe3312dcca942

SHA512
e0f8bbf63c2a57999afd61572ee236fcaad04a593842e5e4df23513afffcecc4c397e759aeff9560c8ac1d51ae09a7c2976674388b0722460cd61cc17c2113f4

Download Submit