7bfd7d318a39157ad4db8328b9c6383db2db8f7a9715ed6d2397e94efa91e32d

Analysis

max time kernel
143s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:34

Target

0859a9188aabf0513cfaae05fbeb0e7a.exe
Size

13KB
MD5

0859a9188aabf0513cfaae05fbeb0e7a
SHA1

76440b5c8fa3937d64e52b86d0171126babe9898
SHA256

7bfd7d318a39157ad4db8328b9c6383db2db8f7a9715ed6d2397e94efa91e32d
SHA512

e07656340037cfd460d90a46dc2d5ddd9e04d545d63f704fae134679faf30db570f59ef5d1366fdcc36c70a0741d874944ae85c1547f8b196dadaf42e6cf7fcd
SSDEEP

192:ZQmb0sn+gVuzyY4lg7BOPwctgUYzmWTHcpRNhy5D5sd1VqCMIyqav5uUm0xaN:Z1Qa+gVJlumw+qCDhySjqCMUavMmE

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2988	0859a9188aabf0513cfaae05fbeb0e7a.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\gdgei32.dll	0859a9188aabf0513cfaae05fbeb0e7a.exe
File opened for modification	C:\Windows\SysWOW64\gdgei32.dll	0859a9188aabf0513cfaae05fbeb0e7a.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2988	0859a9188aabf0513cfaae05fbeb0e7a.exe
2988	0859a9188aabf0513cfaae05fbeb0e7a.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 5088	2988	0859a9188aabf0513cfaae05fbeb0e7a.exe	93
PID 2988 wrote to memory of 5088	2988	0859a9188aabf0513cfaae05fbeb0e7a.exe	93
PID 2988 wrote to memory of 5088	2988	0859a9188aabf0513cfaae05fbeb0e7a.exe	93

C:\Users\Admin\AppData\Local\Temp\0859a9188aabf0513cfaae05fbeb0e7a.exe
"C:\Users\Admin\AppData\Local\Temp\0859a9188aabf0513cfaae05fbeb0e7a.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\0859a9188aabf0513cfaae05fbeb0e7a.exe"
  2⤵
  PID:5088

C:\Windows\SysWOW64\gdgei32.dll

Filesize
10KB

MD5
e7b1828f73127eb3d6dee88ce41b9123

SHA1
4bb03dd1f0a5bd8f42eb19ca2dd046d27fbd1ad5

SHA256
eb1703204f3ece57013a263161d15c1f0af811636c68638cb30f738ec2a6cce9

SHA512
918089d402599cc5f078839692cbc175ca29d5fa77093c3d4358b6dfe881e4bddeaeaa386fc30479bb8a3567b9a9886fdd6a82e6952d4feb27fa3bfccd1f2c1e

Download Submit
memory/2988-5-0x0000000025000000-0x0000000025018000-memory.dmp

Filesize
96KB

Download
memory/2988-10-0x0000000025000000-0x0000000025018000-memory.dmp

Filesize
96KB

Download