c3ef0e201a45ccfa01bb5271c96295cca905cfeba1d4934e3daa20a48387a902

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 12:19

Target

1f4425cd255ced7c7e269f9278cd2642.exe
Size

894KB
MD5

1f4425cd255ced7c7e269f9278cd2642
SHA1

9e3a3b97c6bfdd879f02df3fc5438e5197147dda
SHA256

c3ef0e201a45ccfa01bb5271c96295cca905cfeba1d4934e3daa20a48387a902
SHA512

9e76a7c0689f92407f52be25c91f42c949df544e8a6e238f6bdf6b80fa460f5aacc2d0a1ca3610d704ab0339a3876eaa5fca76a18da957569af6e901654c3d62
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8nWfUEfV0rdOCIhaConP/ToDNiFYZzDQFKTUjEn7:qKeyxTAJj7P+yWwnN0rdGIvHRFYZPQy

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
632	gxv.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\uopikesc\gxv.exe	1f4425cd255ced7c7e269f9278cd2642.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 632	4036	1f4425cd255ced7c7e269f9278cd2642.exe	90
PID 4036 wrote to memory of 632	4036	1f4425cd255ced7c7e269f9278cd2642.exe	90
PID 4036 wrote to memory of 632	4036	1f4425cd255ced7c7e269f9278cd2642.exe	90

C:\Users\Admin\AppData\Local\Temp\1f4425cd255ced7c7e269f9278cd2642.exe
"C:\Users\Admin\AppData\Local\Temp\1f4425cd255ced7c7e269f9278cd2642.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\uopikesc\gxv.exe
  "C:\Program Files (x86)\uopikesc\gxv.exe"
  2⤵
  - Executes dropped EXE
  PID:632

C:\Program Files (x86)\uopikesc\gxv.exe

Filesize
914KB

MD5
f4a254b2f5a44b1a00300e17c2dafcdc

SHA1
d57d3ba890a41dfa6bc35d81fc59f66b55d824f3

SHA256
fef27e3643330089e2e916cc499223c80cb6e46f77a67fbb609a3cec7c32ad22

SHA512
d8e1c2b2f368c79902cec559a60c149d44eaa1aa86e1916175b0f162e827ee8eba11f2ea070d38d50263e5aff780c12135115416e6f36a2330b2523752c81b6d

Download Submit
memory/632-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/632-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/632-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4036-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4036-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4036-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download