d06575da6709974ceefb1fe30ea99a985e5afa6b70b045d8e1b199ff23cebb2a

Analysis

max time kernel
250s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2023 18:24

Target

Amigodainapasik.exe
Size

2.3MB
MD5

0da0f742cf3bd80919716fbd03299189
SHA1

0ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA256

8f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512

ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
SSDEEP

49152:ohBJrWt7Yfg1evewmI874ZtPttM/G/jOayrdDKr:ohBJrWF04RIu4Zfa3rdOr

Score

5^/10

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{150A0BC7-FA1A-4D81-AA3B-6D5397574996}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe
"C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"
1⤵
PID:1368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:2628

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4064

C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe
"C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"
1⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\wsuD032.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
3f792c80722df56506613a6ad72b6f7a

SHA1
6a2473d5069761ebf77b9240d491046f85bc33df

SHA256
95ca138e4733eef5f33d41a131f3933e1badea5c44a7c8bf0080a0c0f7bf0b1f

SHA512
46d3a038c94e91e6dc236ac6a1e0dc0fd7780a1306c1e844314dd1c66916f345a9c670a3511345b6ec8605c1ab77ac54e69c5153b7eac31795a9d94b6d6c3373

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
792b04b9189cc97e32f808a68867458a

SHA1
998cb9197df4cd4faa9692e6702ce29a1da50065

SHA256
d0504acac170a59d824ee9c80a17e083c8583ede54f52c6bb37d119dd2ba06ed

SHA512
fccaf0afdbc57d305ebaee9b0d357c725e683e8e151f2fe84ed0a87d660265a60f67e8b6ed0df78e62ca9585b4debd76566f0000b6bb398c91adfcd2cfd8377d

Download Submit