9ffc9032a1b4f78a2f6f5436b0b23250a3fc8474ce4c14f6ec3622e476467481

Analysis

max time kernel
149s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:46

Target

076fa6228ce85eab763a4955b02523d1.exe
Size

568KB
MD5

076fa6228ce85eab763a4955b02523d1
SHA1

466d18538ba6d6fbd49c5824b79e3f8ab6322722
SHA256

9ffc9032a1b4f78a2f6f5436b0b23250a3fc8474ce4c14f6ec3622e476467481
SHA512

ede94375af9ff0e038a07e8ac404fe7dd50fd02e1b7fc5121f3f45452e65198c07be2e912d5125c594088ca61dd5d81c081a9a75e8b995a8b33f1fee80c1c0a8
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhRx9DJ6c6zpk45a9VJSRRJ:qKeyxTAJj7P+yjPJMk2GJyJ

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3892	gpi.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ehvtiukiya\gpi.exe	076fa6228ce85eab763a4955b02523d1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 3892	808	076fa6228ce85eab763a4955b02523d1.exe	18
PID 808 wrote to memory of 3892	808	076fa6228ce85eab763a4955b02523d1.exe	18
PID 808 wrote to memory of 3892	808	076fa6228ce85eab763a4955b02523d1.exe	18

C:\Users\Admin\AppData\Local\Temp\076fa6228ce85eab763a4955b02523d1.exe
"C:\Users\Admin\AppData\Local\Temp\076fa6228ce85eab763a4955b02523d1.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:808
- C:\Program Files (x86)\ehvtiukiya\gpi.exe
  "C:\Program Files (x86)\ehvtiukiya\gpi.exe"
  2⤵
  - Executes dropped EXE
  PID:3892

C:\Program Files (x86)\ehvtiukiya\gpi.exe

Filesize
8KB

MD5
c87b3f9eae8ba1d63afbfbf76b629456

SHA1
8b8f8902ad51989f63427e504b98a0c6a26336bc

SHA256
b744567613a59240dbed9193c1031c4a3fe1a68e8e3830e594cf3a1ea275f928

SHA512
2342e1c3cc91d0b7b5e5c6fc1be7cb154f0d12e256fee9a7384e724cf9e93e8386e7c2ce9d8904d711700e4939089873313ecf0ee733d4e0780ff24055d99272

Download Submit
C:\Program Files (x86)\ehvtiukiya\gpi.exe

Filesize
42KB

MD5
7220b61b482b68e01b115e8c74f65ace

SHA1
0aa0d6e3f09edcbc48607330193ec7e1e7256668

SHA256
cf8f988fd6591340d81518245362ebdaa9f06cb53292c9aab5a7a7e5f5ea70a3

SHA512
c0c1a1dd4dc4b3cd293dd2d7a2769f50e47ef5131b5f441837b0a0aaaad61f734e89aa44236b3efb63ab4f7cb1615dfda953a196a18be1b1d10173016572b049

Download Submit
memory/808-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/808-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/808-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3892-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3892-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3892-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download