c1afe5d786d926d0a535f5b9f34e80ca09f4e3f2a0b4bd5b09edb94ecd5abda3

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 04:03

Target

04683b62ce1fa98a4569fcbc556ae065.exe
Size

252KB
MD5

04683b62ce1fa98a4569fcbc556ae065
SHA1

85bd54e7076e94479f1e92de58212af5fe21b1a5
SHA256

c1afe5d786d926d0a535f5b9f34e80ca09f4e3f2a0b4bd5b09edb94ecd5abda3
SHA512

28a74daa40a1673d97c56043359a3de8977f416ccf5c5516e911d9d84ac5b038a7b23532667c2db88ff89a086a40fe632787280dbb25826b00ea6f73f023db79
SSDEEP

3072:BZfSR6OFsXvEAPx6T0w7IJHFMpjkCoCQqLJclJLu:BhETlyePo5D

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2064	AntiVirScan.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4064	04683b62ce1fa98a4569fcbc556ae065.exe
2064	AntiVirScan.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 2156	4064	04683b62ce1fa98a4569fcbc556ae065.exe	24
PID 4064 wrote to memory of 2156	4064	04683b62ce1fa98a4569fcbc556ae065.exe	24
PID 4064 wrote to memory of 2156	4064	04683b62ce1fa98a4569fcbc556ae065.exe	24
PID 4064 wrote to memory of 2064	4064	04683b62ce1fa98a4569fcbc556ae065.exe	25
PID 4064 wrote to memory of 2064	4064	04683b62ce1fa98a4569fcbc556ae065.exe	25
PID 4064 wrote to memory of 2064	4064	04683b62ce1fa98a4569fcbc556ae065.exe	25
PID 2064 wrote to memory of 3100	2064	AntiVirScan.exe	28
PID 2064 wrote to memory of 3100	2064	AntiVirScan.exe	28
PID 2064 wrote to memory of 3100	2064	AntiVirScan.exe	28

C:\Users\Admin\AppData\Local\Temp\04683b62ce1fa98a4569fcbc556ae065.exe
"C:\Users\Admin\AppData\Local\Temp\04683b62ce1fa98a4569fcbc556ae065.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Windows\SysWOW64\cmd.exe
  cmd /c dir /b C:\Program Files >C:\list
  2⤵
  PID:2156
- C:\AntiVirScan.exe
  C:\AntiVirScan.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2064
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c dir /b C:\Program Files >C:\list
    3⤵
    PID:3100

C:\AntiVirScan.exe

Filesize
103KB

MD5
3c18ba23ea2de929cd80801d7e366fd9

SHA1
4375567f32ec0518f40dc6108ce82ddf394913ec

SHA256
a6b392d6910c5b260aaddb613ded9075b8f4bcefe243bbc8fd2bf5b9a97f9e48

SHA512
24b57abac51535850eacf452a1f5fdc547c8b61770126cbdb59232a38a74870e806532d0057803126d7473c6a9d85a53998c40ea9c26610dea25b776ccffab35

Download Submit
C:\AntiVirScan.exe

Filesize
105KB

MD5
e970b4da0cad8644d05558bb643993b3

SHA1
dc469cf5bb4fd6bbe9fe7c6aebfecbb7d06537d3

SHA256
1f25fd8f906f5977f1810860cf284cd1acc48f17e319353d9aba6483b03db32b

SHA512
281c7472470569a72f8e7643be0f6527a6847323eaa08e7b86f43e68f0fd998dea99dc5687ba22cc99b7e1cf99a6fc4877327842809d7ae22432740e3d537be0

Download Submit
C:\bac.exe

Filesize
99KB

MD5
3cb7915df7085804b4d1f619bcc29882

SHA1
ec85d0e144ff444991a61c7c2e79ce47742c105c

SHA256
ce83f37a3f0906d557e8d87c18c13d49e7f66d53d21395abfebb1b208f7ab3b3

SHA512
2a51b70d62253450ed94502ecfe6f3ba931f9eca457674f0bfa6b9117690c2ddbbe3ed497769bdccc70ad55c1ae32c37c863d80f6e03622ed98b33968fefed4f

Download Submit