06d832c25858b723d7db9bf73199fca2636f64cd451a820a304ac450e81d1a01

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2023 10:44

Target

0b9a371e67786c01ccbc7072db98c8fb.exe
Size

910KB
MD5

0b9a371e67786c01ccbc7072db98c8fb
SHA1

f3fbbd6a0a5e1aaac877516f30c2bfa62b9dd1c6
SHA256

06d832c25858b723d7db9bf73199fca2636f64cd451a820a304ac450e81d1a01
SHA512

764a0d162e293fcf895d72645521100725fa6f724ada38ed6027774a1cddedcc4296de1025ac7962829cfdcd1d1d542b2e61bf680f231bd1bf033f39ac966804
SSDEEP

24576:qKeyxTAJj7P+yW6mc1YVbUWdALNxh7AEP:qKeyRA0y9fWVb8LLh7XP

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1048	kuysco.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\extuspcevx\kuysco.exe	0b9a371e67786c01ccbc7072db98c8fb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 1048	4704	0b9a371e67786c01ccbc7072db98c8fb.exe	87
PID 4704 wrote to memory of 1048	4704	0b9a371e67786c01ccbc7072db98c8fb.exe	87
PID 4704 wrote to memory of 1048	4704	0b9a371e67786c01ccbc7072db98c8fb.exe	87

C:\Users\Admin\AppData\Local\Temp\0b9a371e67786c01ccbc7072db98c8fb.exe
"C:\Users\Admin\AppData\Local\Temp\0b9a371e67786c01ccbc7072db98c8fb.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Program Files (x86)\extuspcevx\kuysco.exe
  "C:\Program Files (x86)\extuspcevx\kuysco.exe"
  2⤵
  - Executes dropped EXE
  PID:1048

C:\Program Files (x86)\extuspcevx\kuysco.exe

Filesize
180KB

MD5
ff6028423010ad9d453d86c4508e88b1

SHA1
8c28c54ee1ceadeac59e559756706017a6ff0423

SHA256
677191884c3bb40d1d221ca6e26ec0c6171c6761dd25d90367ccd8a9d5b38f2a

SHA512
aa9b090cac8af2fcf75afe0a2bc5f9aaa518dc7ad9fc052c45fbd311c3ad75b05dbb4c94d5aacadfd08b383681870d8699dc05fa1254f27e50b41a0c3cff1a1e

Download Submit
C:\Program Files (x86)\extuspcevx\kuysco.exe

Filesize
213KB

MD5
c5098320364d658796075245b82070e2

SHA1
63d42029462e81157b22ca87406a245031b33dba

SHA256
1616ceea56e9bb3aaddc6cb4b4a41ed6da34a9c69905b777d3543458e697623c

SHA512
177333e2b6d201cc7b8494cb6bf8f908a4c59088dfd3951b4bcbcdea043d9c12beb6797b5bf524d645e614b61840cc80f521728f5bba47556e2fef2ca1c997f5

Download Submit
memory/1048-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1048-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1048-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4704-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4704-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4704-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download