dc88835f44c98044dc99686c42f1bb53986c9eec47452a37244a564148769e0b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 14:46

Target

76a5d0f5d29176bb54200aa38e361931.exe
Size

1000KB
MD5

76a5d0f5d29176bb54200aa38e361931
SHA1

3dd74a20f40286d070526f5a8bf78ccfca508dd4
SHA256

dc88835f44c98044dc99686c42f1bb53986c9eec47452a37244a564148769e0b
SHA512

6af855b70abdc3567589bec5da6989e1b02921aecd405cad2925a7454f0d60dfed2e62bdb6c933839e92591c9a9234e2512b09b15ddec37a242ca42b9458bcdb
SSDEEP

24576:qKeyxTAJj7PZFK30B3I9ILWDdhVL0OOsI5zii8:qKeyRAwEB3w7DOZ5zih

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4828	vbzzamskpxx.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\kcqxto\vbzzamskpxx.exe	76a5d0f5d29176bb54200aa38e361931.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 4828	4932	76a5d0f5d29176bb54200aa38e361931.exe	21
PID 4932 wrote to memory of 4828	4932	76a5d0f5d29176bb54200aa38e361931.exe	21
PID 4932 wrote to memory of 4828	4932	76a5d0f5d29176bb54200aa38e361931.exe	21

C:\Users\Admin\AppData\Local\Temp\76a5d0f5d29176bb54200aa38e361931.exe
"C:\Users\Admin\AppData\Local\Temp\76a5d0f5d29176bb54200aa38e361931.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files (x86)\kcqxto\vbzzamskpxx.exe
  "C:\Program Files (x86)\kcqxto\vbzzamskpxx.exe"
  2⤵
  - Executes dropped EXE
  PID:4828

C:\Program Files (x86)\kcqxto\vbzzamskpxx.exe

Filesize
894KB

MD5
d7ce436f94a2c0eaac34812c37faac3e

SHA1
e0f595e60e3985cda46452e400f8b657f498ac91

SHA256
67763cffbb9c733ae27ae214c4f64ce1a60f479e11af19b57a7e890c89cebcbf

SHA512
ebd529737dfa6d697a4d5d048ff2b2cf89aceed80e075ae6a6bf5040a9bbfc6209514792f762b39816accb7e649f6b68f2f860b75e197f5706c464654ef9ee5c

Download Submit
C:\Program Files (x86)\kcqxto\vbzzamskpxx.exe

Filesize
1010KB

MD5
be582695f25ca82a4973d50e72504b1e

SHA1
6154fcd79b8da6a60ebd3909b864963ec610f031

SHA256
878db9e081a029c71ff2b918c5ebb917cca7a4ebe057f21f84142ea15019fdac

SHA512
660df4146eae6d18e9ba005389488bac58a290994fdc879b75a180717dacb836f8bec3ef148e93b6fed3501c1159ba42003b566e408d84e1534670860121db6a

Download Submit
memory/4828-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4828-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4932-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4932-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4932-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download