baa57dd390af3b65cfe1a862140e18966757450141fc35627c0d9b28cde08f89

Analysis

max time kernel
122s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:45

Target

06030445eace1a98d279efafdb7bfc7f.exe
Size

500KB
MD5

06030445eace1a98d279efafdb7bfc7f
SHA1

e152890ab9d59091b2ada59da61f06a9752638dc
SHA256

baa57dd390af3b65cfe1a862140e18966757450141fc35627c0d9b28cde08f89
SHA512

54ac5bc7693982d69c42ddb1367e163d3d76b79d843f1086832810bdd910599836c7b2471d1857076353de86fdfdc02912b975475797d7bf7013bf6da508b2b5
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhWto9+PlHhXyd3:qKeyxTAJj7P+yeo9yBXy3

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1700	nxgcrpd.exe

Loads dropped DLL 1 IoCs

pid	Process
3068	06030445eace1a98d279efafdb7bfc7f.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\sdkahhbau\nxgcrpd.exe	06030445eace1a98d279efafdb7bfc7f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1700	3068	06030445eace1a98d279efafdb7bfc7f.exe	28
PID 3068 wrote to memory of 1700	3068	06030445eace1a98d279efafdb7bfc7f.exe	28
PID 3068 wrote to memory of 1700	3068	06030445eace1a98d279efafdb7bfc7f.exe	28
PID 3068 wrote to memory of 1700	3068	06030445eace1a98d279efafdb7bfc7f.exe	28

C:\Users\Admin\AppData\Local\Temp\06030445eace1a98d279efafdb7bfc7f.exe
"C:\Users\Admin\AppData\Local\Temp\06030445eace1a98d279efafdb7bfc7f.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files (x86)\sdkahhbau\nxgcrpd.exe
  "C:\Program Files (x86)\sdkahhbau\nxgcrpd.exe"
  2⤵
  - Executes dropped EXE
  PID:1700

\Program Files (x86)\sdkahhbau\nxgcrpd.exe

Filesize
515KB

MD5
b60dfa9429c0d532464d03c051c967ab

SHA1
d6d653d0e31b80ccb2c71dd9a4ee0ada7e2bc7ff

SHA256
d3de860f5201605642d8b0cab4e218678d22b2d1d363472fdd10dc9a93beaf68

SHA512
905e7b769f99becfd5187281f71a956d7b81f391a23671d927be681b7d1553e863ddfb0ad88ca635e4dfd6a0b09e771a91a1e76e7eee85b5a85c39722b496db9

Download Submit
memory/1700-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1700-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3068-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3068-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3068-9-0x0000000001DF0000-0x0000000001E84000-memory.dmp

Filesize
592KB

Download
memory/3068-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3068-11-0x0000000001DF0000-0x0000000001E84000-memory.dmp

Filesize
592KB

Download