ed4770268b2c35a114493981f1b327356f996d17aaff3cc723411d5926d7c308

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 13:05

Target

9765286f793b7a6ccbf0d3dfdba5e3ea.exe
Size

969KB
MD5

9765286f793b7a6ccbf0d3dfdba5e3ea
SHA1

399db10de463a6bfed0d952729fd5340aaa4aee3
SHA256

ed4770268b2c35a114493981f1b327356f996d17aaff3cc723411d5926d7c308
SHA512

07e1b2ad7f408b091543eaf923d17917ae0ff148f04747733076c5a0fdb49127faddfb1726ed5b996a3afebe3e8ae28f4592486b71a08a6232d44d9a36b4fcf6
SSDEEP

24576:qKeyxTAJj7P+yW6mc1YgeZfZRZIiBqN2H7/4g1kciEKmc:qKeyRA0y9fWd/Oi97/4GkcC

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3784	daabkctfdq.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\mrfo\daabkctfdq.exe	9765286f793b7a6ccbf0d3dfdba5e3ea.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 3784	2340	9765286f793b7a6ccbf0d3dfdba5e3ea.exe	87
PID 2340 wrote to memory of 3784	2340	9765286f793b7a6ccbf0d3dfdba5e3ea.exe	87
PID 2340 wrote to memory of 3784	2340	9765286f793b7a6ccbf0d3dfdba5e3ea.exe	87

C:\Users\Admin\AppData\Local\Temp\9765286f793b7a6ccbf0d3dfdba5e3ea.exe
"C:\Users\Admin\AppData\Local\Temp\9765286f793b7a6ccbf0d3dfdba5e3ea.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files (x86)\mrfo\daabkctfdq.exe
  "C:\Program Files (x86)\mrfo\daabkctfdq.exe"
  2⤵
  - Executes dropped EXE
  PID:3784

C:\Program Files (x86)\mrfo\daabkctfdq.exe

Filesize
530KB

MD5
0bcf4b0f8f27f967cd451bdf3b2ee373

SHA1
7b66830651d3b435784ca88b79374c7a4f3157e1

SHA256
eaf76e0319f9e2891d2157a3de3e50236f0a7d31eb40c38e0130d77bca7db906

SHA512
9109e614b4522cdada1afe00dd85baf72b8b60e02c80da47bbf01d6a80dac97206aea26237ad2339007eb2d54f0cf6aa9de3fd98a26f12df83027c31c86294ec

Download Submit
C:\Program Files (x86)\mrfo\daabkctfdq.exe

Filesize
506KB

MD5
dbdd0aca57c7682f082af5c26453614d

SHA1
db8b63bbfeeadbc9830c93d2c1b621b544ac07eb

SHA256
26df77079a93e13908538b78779a75820d1b95a362d8908cfecaf8df0402d510

SHA512
3c1c219bc8515c854114f6276e7f9915e89e0d578285b1d6fe6d974ad036bbf5528baef73d7a7fbc47c9f73a0dcf7d60164cb9078214d733db7a95e1ad74c428

Download Submit
memory/2340-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2340-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2340-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3784-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3784-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3784-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download