2c05573f52b2d86226e7b162da397e2bb05b65f220d29898fe9015d0d3f0a77a

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:52

Target

079fc54e48dda546687aef93108d4302.exe
Size

1.7MB
MD5

079fc54e48dda546687aef93108d4302
SHA1

bcc26d92547904fc3737eb92ac100f9252df7ee6
SHA256

2c05573f52b2d86226e7b162da397e2bb05b65f220d29898fe9015d0d3f0a77a
SHA512

3301b7db8d596db6531c25a1932f6851a388499cd4cb06e2a2b997f8180484de4203d8911622b5235b2b29c6c2ac75bb6b074def17e4c50178ce19720ac4f9cb
SSDEEP

24576:dgdhhQGGnnazLpj4VHogiuGYNycAavew3mwmI1nk30sKbcGOyRW9ZHXE:dqgazxcGYN139lnk30rT

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2564	lgxlcwmxefcpy.exe

Loads dropped DLL 1 IoCs

pid	Process
3000	079fc54e48dda546687aef93108d4302.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\juwg\lgxlcwmxefcpy.exe	079fc54e48dda546687aef93108d4302.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2564	3000	079fc54e48dda546687aef93108d4302.exe	29
PID 3000 wrote to memory of 2564	3000	079fc54e48dda546687aef93108d4302.exe	29
PID 3000 wrote to memory of 2564	3000	079fc54e48dda546687aef93108d4302.exe	29
PID 3000 wrote to memory of 2564	3000	079fc54e48dda546687aef93108d4302.exe	29

C:\Users\Admin\AppData\Local\Temp\079fc54e48dda546687aef93108d4302.exe
"C:\Users\Admin\AppData\Local\Temp\079fc54e48dda546687aef93108d4302.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\juwg\lgxlcwmxefcpy.exe
  "C:\Program Files (x86)\juwg\lgxlcwmxefcpy.exe"
  2⤵
  - Executes dropped EXE
  PID:2564

C:\Program Files (x86)\juwg\lgxlcwmxefcpy.exe

Filesize
572KB

MD5
11e3b0ef57add07337ea70bd7ef179d9

SHA1
67fa92e1fc4982b31f6d0011934c003a3214e34b

SHA256
d3060d05e0946bb525de3d7a5e71e57543ef661dcdfda2557cee2134e040c440

SHA512
601dba64537714c3a27336eab4b351b6db2501252c0891672f6a5c3145b20725d7599c99a88942913f56a825ff61eced8cb84e32256b2d771407ae1fa4c01ded

Download Submit
\Program Files (x86)\juwg\lgxlcwmxefcpy.exe

Filesize
1.3MB

MD5
74ffd71a25966f9f4d71d371ee78381d

SHA1
f8a302ac6ed7c792294782de76780aa54fbab1a4

SHA256
74302e83d494a29d80c1896b80d7a88941db717aa879e28ee8882df765ad50e4

SHA512
26a3c01078ec3c092b4010c73a942182f7f44e64a5995dd12bfb9d611d4a82e2afa2cfeeb7608946f53dd4a70d61318ba683dc40de1edaa24ec4ed63629922a3

Download Submit
memory/2564-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3000-4-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download