1974f6270fde1b98f44d790fbad36f39c8b05906e2c52ce6e013fadba55e728f

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 15:44

Target

dead0c1caf99a765358fcdf577c248d5.exe
Size

809KB
MD5

dead0c1caf99a765358fcdf577c248d5
SHA1

fc4ee86bc4876254d0d7a50523480e1ab7afb34d
SHA256

1974f6270fde1b98f44d790fbad36f39c8b05906e2c52ce6e013fadba55e728f
SHA512

5745739d779d01b81dfa7566acc5f4632f08d61e69f1c74790c03aed32fca3ca01a0e2c00270e142a0cff0c39e8b1cb46dbd05df1bb6991a8bf0de4da8aab66f
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVYBDP5vaoDiOVJfBH1TB4WDi:qKeyxTAJj7P+yW6mc1YXvaoOS5Bi

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1968	kxwj.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\pjizd\kxwj.exe	dead0c1caf99a765358fcdf577c248d5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 1968	3888	dead0c1caf99a765358fcdf577c248d5.exe	88
PID 3888 wrote to memory of 1968	3888	dead0c1caf99a765358fcdf577c248d5.exe	88
PID 3888 wrote to memory of 1968	3888	dead0c1caf99a765358fcdf577c248d5.exe	88

C:\Users\Admin\AppData\Local\Temp\dead0c1caf99a765358fcdf577c248d5.exe
"C:\Users\Admin\AppData\Local\Temp\dead0c1caf99a765358fcdf577c248d5.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Program Files (x86)\pjizd\kxwj.exe
  "C:\Program Files (x86)\pjizd\kxwj.exe"
  2⤵
  - Executes dropped EXE
  PID:1968

C:\Program Files (x86)\pjizd\kxwj.exe

Filesize
823KB

MD5
6d14fe8fd780fe43ee6d13f92cdd1191

SHA1
25d26d733729d74cc48e219da4e57b019fda93ca

SHA256
a930e5566e52d02fb2e1b7f2455bb43ff3efeda7891590036a3fa26235171802

SHA512
a93ff0ee8280765630830f935f3c6fb7220afa08dad3542399b2480eb52978aebdb0a06c7108e9318733853c23d3cfa74db1624a222e4549403a02640b72ae53

Download Submit
C:\Program Files (x86)\pjizd\kxwj.exe

Filesize
827KB

MD5
44437ab34a183aa6d8507d9a8d73c5ac

SHA1
cde313f662a88c2c6a1f6a2eb2003d01fa9bcbb6

SHA256
f13640533ec07722714dfa3e851870bf19a2f2bd6d8113cd099d20290c9458ab

SHA512
5501c4ce56e938b958be07e39cf38e9065c0282a9413678e0c1ce932475c411285e1690ac495e48acb20db711b9316be0d69b246025752bd651456b9593d7f8f

Download Submit
memory/1968-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1968-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3888-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3888-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3888-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download