c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2

Analysis

max time kernel
1s
max time network
24s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 06:45

Target

c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe
Size

672KB
MD5

f4af353df9f8807bd5759f356683dab8
SHA1

0eac161c47fa4f0ff21a75e5bb4c620ba366301f
SHA256

c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2
SHA512

167d9381fdfbeac9c353905a97759410c66d15fbec70a9d367f7062966e9fde41d2a55fe5c7f677f08f85bec6c429eefcade5c726db907be47759dc3d78c8ba5
SSDEEP

12288:qlP0GkLH5t5i0AL5jQcL+gdD2toUyEt+:quGkj57i0w5M2xdit7bt

Score

4^/10

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\AUTOINIT\init.lock	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe
4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 3532	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	89
PID 4708 wrote to memory of 3532	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	89
PID 4708 wrote to memory of 3532	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	89
PID 4708 wrote to memory of 792	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	90
PID 4708 wrote to memory of 792	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	90
PID 4708 wrote to memory of 792	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	90
PID 4708 wrote to memory of 1632	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	91
PID 4708 wrote to memory of 1632	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	91
PID 4708 wrote to memory of 1632	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	91
PID 4708 wrote to memory of 3488	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	92
PID 4708 wrote to memory of 3488	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	92
PID 4708 wrote to memory of 3488	4708	c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe	92

C:\Users\Admin\AppData\Local\Temp\c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe
"C:\Users\Admin\AppData\Local\Temp\c465c6f44635b7e417377e39fc80c2b731a0327df8ccc09a0b9dfba675f087c2.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Windows\SysWOW64\netsh.exe
  netsh interface ip set address "Ethernet" static 0.0.0.0 255.255.0.0 0.0.0.0
  2⤵
  PID:3532
- C:\Windows\SysWOW64\netsh.exe
  netsh interface ip set dns "Ethernet" static 223.5.5.5 primary
  2⤵
  PID:792
- C:\Windows\SysWOW64\netsh.exe
  netsh interface ip add dns name="Ethernet" 8.8.8.8 index=2
  2⤵
  PID:1632
- C:\Windows\SysWOW64\net.exe
  net user administrator Aa112233
  2⤵
  PID:3488
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 user administrator Aa112233
    3⤵
    PID:4300