d47788fd7cea714c3053ee24e8ea312449b2ef79ff7e334b5245abbba4cee794

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 19:52

Target

0efad08f8102418661096c4c777587e8.exe
Size

28KB
MD5

0efad08f8102418661096c4c777587e8
SHA1

4259edfd7a3c3e2e81dcd24c5e7eba5698022e3e
SHA256

d47788fd7cea714c3053ee24e8ea312449b2ef79ff7e334b5245abbba4cee794
SHA512

680c6811a6b8942b6619e6009719f4f12dd57a2e6d1fcb5d98b56c801559fafebe8ef8ad5342f34885f828323ac40179e4531da6a5b27b2366983ef6190e98eb
SSDEEP

768:MzbKzyKmJnHyAtKzCIneHrCraj0wKPkEjs20er:KbIyLnHgz3neHryajCcKVJr

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4804	NTdhcp.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\NTdhcp.exe	0efad08f8102418661096c4c777587e8.exe
File opened for modification	C:\Windows\SysWOW64\NTdhcp.exe	NTdhcp.exe
File created	C:\Windows\SysWOW64\NTdhcp.exe	0efad08f8102418661096c4c777587e8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4804	228	0efad08f8102418661096c4c777587e8.exe	87
PID 228 wrote to memory of 4804	228	0efad08f8102418661096c4c777587e8.exe	87
PID 228 wrote to memory of 4804	228	0efad08f8102418661096c4c777587e8.exe	87

C:\Windows\SysWOW64\NTdhcp.exe

Filesize
28KB

MD5
0efad08f8102418661096c4c777587e8

SHA1
4259edfd7a3c3e2e81dcd24c5e7eba5698022e3e

SHA256
d47788fd7cea714c3053ee24e8ea312449b2ef79ff7e334b5245abbba4cee794

SHA512
680c6811a6b8942b6619e6009719f4f12dd57a2e6d1fcb5d98b56c801559fafebe8ef8ad5342f34885f828323ac40179e4531da6a5b27b2366983ef6190e98eb

Download Submit
memory/228-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/228-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/228-2-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/228-11-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4804-9-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/4804-8-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4804-10-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download