e90d43c3de18ce5316b37ee8c006f4fba8af4cdbccbd3c93ba5993d4cd60752c

Analysis

max time kernel
2s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 12:58

Target

204e0ecc04bb829b43f4c342efa8f3bc.exe
Size

4.7MB
MD5

204e0ecc04bb829b43f4c342efa8f3bc
SHA1

1492996e0e3ab00183cdf0167e50f787e1a7c5cf
SHA256

e90d43c3de18ce5316b37ee8c006f4fba8af4cdbccbd3c93ba5993d4cd60752c
SHA512

584ce4a81ed58ca843224bee64f00cdf1a2338a686512146ff282118e7d16925d9307366c1b1c6a001b6af9e4f393b55c2a75e0297eb7ac070230941d5130821
SSDEEP

98304:mvERjlSCbsUEkBupcda9++4l+N2Su8OuCTGOoru/k:mvERla9+D8yq

Score

7^/10

Executes dropped EXE 3 IoCs

Loads dropped DLL 2 IoCs

pid	Process
2248	204e0ecc04bb829b43f4c342efa8f3bc.exe
2576	wins.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe	204e0ecc04bb829b43f4c342efa8f3bc.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe	204e0ecc04bb829b43f4c342efa8f3bc.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\queries-02.cache	wins.exe
File opened for modification	C:\Windows\SysWOW64\config\SYSTEM~1\AppData\Local\WINDOW~1\QUERIE~1.CAC	wins.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\crutch	wins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\crutch\LocalService = "Windows Internet Name Service"	wins.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 1556	2248	204e0ecc04bb829b43f4c342efa8f3bc.exe	16
PID 2248 wrote to memory of 1556	2248	204e0ecc04bb829b43f4c342efa8f3bc.exe	16
PID 2248 wrote to memory of 1556	2248	204e0ecc04bb829b43f4c342efa8f3bc.exe	16
PID 2248 wrote to memory of 1556	2248	204e0ecc04bb829b43f4c342efa8f3bc.exe	16
PID 2576 wrote to memory of 2884	2576	wins.exe	30
PID 2576 wrote to memory of 2884	2576	wins.exe	30
PID 2576 wrote to memory of 2884	2576	wins.exe	30
PID 2576 wrote to memory of 2884	2576	wins.exe	30
PID 2884 wrote to memory of 2776	2884	15686	32
PID 2884 wrote to memory of 2776	2884	15686	32
PID 2884 wrote to memory of 2776	2884	15686	32
PID 2884 wrote to memory of 2776	2884	15686	32

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe

Filesize
94KB

MD5
e21c3400e17b580d72ab417773ec0a05

SHA1
ad02ff58e3eb9df25028afa2147231683d4088c8

SHA256
f2905261b69a67fce9641abd8884506b6f4baf4d2710f419fc306a8d1f5febc4

SHA512
b5a875f84bcdc8beb611a973f58da95691a585dcd400e939ef01691dafcf93378610644c9b837f8c649b263136777b279d97e171e9eddf13cf6b01d4cc19f573

Download Submit
\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe

Filesize
381KB

MD5
83c1610e7931b8d08c7c960cd97989d0

SHA1
b89df2dae6ce115723d25de7cb2e1a3db984cd26

SHA256
8fffe2a3e8416f8203039b9de9b6ea79a91cc804c714649d27d9774563a32dd4

SHA512
1479957de11ec921f7f3075aad743e0ed6c4f0cd6129ded9e01a302cdb082841d19f75d9e4aa8ea7cf614fc7be79ae4de0f65dd166d27db294da671cf08ce34c

Download Submit