75f38fa8f74093e98496dfd26d5ffe019461689401556942bad5537f2b919518

Analysis

max time kernel
96s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 21:13

Target

1283766d262f183aabb5817e15ef128a.exe
Size

50KB
MD5

1283766d262f183aabb5817e15ef128a
SHA1

89e792bb8e4e7c1db09cba62eb304d921a2e702d
SHA256

75f38fa8f74093e98496dfd26d5ffe019461689401556942bad5537f2b919518
SHA512

4784b970163f8c280d69f90a38f4aaeb1a203f556cfd5dd858f2c3819eb7cd4fde9b47c6453a21dd887e0bd5edec3fe39921329f350a8b585f755a5e304a9684
SSDEEP

768:YtxCei1RJAVqY9QLemwhxymWnsUa7AF9xTirq3MkoiH24zLvlbhGWq8xkatYN7:YtO130qkQLeosZ0B7ob4z5bhpzxkh

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1404	system.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\system.exe	1283766d262f183aabb5817e15ef128a.exe
File opened for modification	C:\Windows\SysWOW64\system.exe	1283766d262f183aabb5817e15ef128a.exe
File opened for modification	C:\Windows\SysWOW64\system.exe	system.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1404	system.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 1404	4900	1283766d262f183aabb5817e15ef128a.exe	87
PID 4900 wrote to memory of 1404	4900	1283766d262f183aabb5817e15ef128a.exe	87
PID 4900 wrote to memory of 1404	4900	1283766d262f183aabb5817e15ef128a.exe	87
PID 1404 wrote to memory of 3436	1404	system.exe	17
PID 1404 wrote to memory of 4220	1404	system.exe	91
PID 1404 wrote to memory of 4220	1404	system.exe	91
PID 1404 wrote to memory of 4220	1404	system.exe	91
PID 4900 wrote to memory of 4504	4900	1283766d262f183aabb5817e15ef128a.exe	92
PID 4900 wrote to memory of 4504	4900	1283766d262f183aabb5817e15ef128a.exe	92
PID 4900 wrote to memory of 4504	4900	1283766d262f183aabb5817e15ef128a.exe	92

C:\Windows\SysWOW64\system.exe

Filesize
50KB

MD5
1283766d262f183aabb5817e15ef128a

SHA1
89e792bb8e4e7c1db09cba62eb304d921a2e702d

SHA256
75f38fa8f74093e98496dfd26d5ffe019461689401556942bad5537f2b919518

SHA512
4784b970163f8c280d69f90a38f4aaeb1a203f556cfd5dd858f2c3819eb7cd4fde9b47c6453a21dd887e0bd5edec3fe39921329f350a8b585f755a5e304a9684

Download Submit
\??\c:\Deleteme.bat

Filesize
184B

MD5
b06e083523f5aa8c139272d0aeafe5b5

SHA1
68c0c4830283c26daeda1c7d18497e2274fd3d4f

SHA256
e01b688e144fab33212be4ce4a9f9dc4c0331b1ebb7455f131e329501cd32cce

SHA512
3ea95a3988d0caa8b908d0633b58d5bc0528a9ba80a171de4f9482c67d30374f3d8d17afa3bf10233c27c756c0553679ea8f43afdc0815e4736e1bd44bba54db

Download Submit
memory/1404-9-0x0000000015140000-0x0000000015152000-memory.dmp

Filesize
72KB

Download
memory/4900-11-0x0000000015140000-0x0000000015152000-memory.dmp

Filesize
72KB

Download