b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa

Analysis

max time kernel
122s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 08:59

Target

b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe
Size

6.8MB
MD5

a338b3338c6ca2888ef6843afb89515a
SHA1

d45c6ad339fe1a708fbd811ca52d31ecf2c86046
SHA256

b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa
SHA512

e4b7535eda93efdc587477416d4e21722970e70eff491bb4e1c5eea4f60cadecf944f7c05a4789f833b72fbca35c419a3c26dc879f51710bda0c203a4ad7ee9e
SSDEEP

196608:yc2vkt69o1hyHzmsqS9aDALI1Yu3fkPynV7w/VTDdq:X3h1oCCIsLnL+NwFDE

Score

7^/10

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\READ_ME_GET_HELP.txt	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe
1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\READ_ME_GET_HELP.txt	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe
File created	C:\Program Files (x86)\READ_ME_GET_HELP.txt	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\READ_ME_GET_HELP.txt	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe
1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 4320	1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe	81
PID 1316 wrote to memory of 4320	1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe	81
PID 1316 wrote to memory of 4320	1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe	81
PID 1316 wrote to memory of 4032	1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe	83
PID 1316 wrote to memory of 4032	1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe	83
PID 1316 wrote to memory of 4032	1316	b80d72430f7226ad5145c1283ab40061afc470f1767a90699bb0372e804747fa.exe	83

C:\Program Files\READ_ME_GET_HELP.txt

Filesize
1KB

MD5
bf0f93789ff59416735f505fe3984aa6

SHA1
103134d2d960bca593b53b584e0b9335f27a25cd

SHA256
753cc65682da00c966fbb43a2c7efd8121b98bf7da98a75ad3d59fc5b4fc1878

SHA512
709aeb3dc44b578c8d8196db79662a40ddbebe1d37b78c29ad9061738aaab652277ad5fc5580bcf92357c4b551ce9e8905389084e287d4f79f4ca6c11c7cbf71

Download Submit
memory/1316-133-0x0000000000400000-0x0000000000EBF000-memory.dmp

Filesize
10.7MB

Download
memory/1316-135-0x0000000000FB0000-0x0000000000FB1000-memory.dmp

Filesize
4KB

Download
memory/1316-134-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

Filesize
4KB

Download
memory/1316-137-0x0000000000400000-0x0000000000EBF000-memory.dmp

Filesize
10.7MB

Download
memory/1316-938-0x0000000000400000-0x0000000000EBF000-memory.dmp

Filesize
10.7MB

Download
memory/1316-992-0x0000000000400000-0x0000000000EBF000-memory.dmp

Filesize
10.7MB

Download