dc88835f44c98044dc99686c42f1bb53986c9eec47452a37244a564148769e0b

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 14:46

Target

76a5d0f5d29176bb54200aa38e361931.exe
Size

1000KB
MD5

76a5d0f5d29176bb54200aa38e361931
SHA1

3dd74a20f40286d070526f5a8bf78ccfca508dd4
SHA256

dc88835f44c98044dc99686c42f1bb53986c9eec47452a37244a564148769e0b
SHA512

6af855b70abdc3567589bec5da6989e1b02921aecd405cad2925a7454f0d60dfed2e62bdb6c933839e92591c9a9234e2512b09b15ddec37a242ca42b9458bcdb
SSDEEP

24576:qKeyxTAJj7PZFK30B3I9ILWDdhVL0OOsI5zii8:qKeyRAwEB3w7DOZ5zih

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2264	gghqp.exe

Loads dropped DLL 1 IoCs

pid	Process
1576	76a5d0f5d29176bb54200aa38e361931.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\azkmrn\gghqp.exe	76a5d0f5d29176bb54200aa38e361931.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2264	1576	76a5d0f5d29176bb54200aa38e361931.exe	16
PID 1576 wrote to memory of 2264	1576	76a5d0f5d29176bb54200aa38e361931.exe	16
PID 1576 wrote to memory of 2264	1576	76a5d0f5d29176bb54200aa38e361931.exe	16
PID 1576 wrote to memory of 2264	1576	76a5d0f5d29176bb54200aa38e361931.exe	16

C:\Users\Admin\AppData\Local\Temp\76a5d0f5d29176bb54200aa38e361931.exe
"C:\Users\Admin\AppData\Local\Temp\76a5d0f5d29176bb54200aa38e361931.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files (x86)\azkmrn\gghqp.exe
  "C:\Program Files (x86)\azkmrn\gghqp.exe"
  2⤵
  - Executes dropped EXE
  PID:2264

C:\Program Files (x86)\azkmrn\gghqp.exe

Filesize
92KB

MD5
4d60b9fd7429bb89c0d71d8879022a66

SHA1
863e684f321b41f71da7ffa3832802f2f7fe74da

SHA256
19b168c6c74c9b86d24fe0e18c3406615462ee1de86112ced62a46aca8acaf3c

SHA512
b1bf542914cabd4e96c84505e6c437d0645b8e61cb74a07eb4c5bf7f6f08ceb796e52586ff97a768736e24bab3c5bd51ec7066657050716f69c47bffb6ab92f0

Download Submit
\Program Files (x86)\azkmrn\gghqp.exe

Filesize
381KB

MD5
4ba4abe1af56493b8502c0082abf6e27

SHA1
1e05b7174a2f42089140e0ebdc7fefed562145bb

SHA256
eaf7aecacb9495c543873148808dd33cdeba6d442ec8daba8b7fbdc5300d4530

SHA512
6e51a750cd10bade783fa558b562b3196c838a72a93b510d94c1a17de922e78061061efba60d90bc3e5b45802ee7785071dc977a7ef3439e22548d2e7bf186bf

Download Submit
memory/1576-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1576-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1576-9-0x00000000004A0000-0x0000000000534000-memory.dmp

Filesize
592KB

Download
memory/1576-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2264-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2264-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download