4a540ff1917370aadc7a5fc76eff415c413eb171e17440c2d1f0cb039af1690b

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 21:19

Target

044825a4f83128fce96bfd7d92ae9fa9.exe
Size

88KB
MD5

044825a4f83128fce96bfd7d92ae9fa9
SHA1

216066c5796dd360e1b4db0173e44aec867f2486
SHA256

4a540ff1917370aadc7a5fc76eff415c413eb171e17440c2d1f0cb039af1690b
SHA512

61988c6c7992369e59a2e6d1bb28ceb03826ed1d1170f0ad0d4e6890e7ed3542ecb3f71ba688abb9de73462b90414c99a2c5ccf9810e139cc527e0a638fb64d6
SSDEEP

1536:osut1HT/v/IuyOG/35daEsi1CJcFXdcSj/wDDZXYPCM/AcVf+875r9/Ah:oPjL/IuyOGf5d8cFXWw41XYPCRA+8A

Score

4^/10

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\glok+1133-784.sys	044825a4f83128fce96bfd7d92ae9fa9.exe
File created	C:\Windows\glok+serv.config	044825a4f83128fce96bfd7d92ae9fa9.exe
File opened for modification	C:\Windows\glok+serv.config	044825a4f83128fce96bfd7d92ae9fa9.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
468	Process not Found

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2904	2908	044825a4f83128fce96bfd7d92ae9fa9.exe	28
PID 2908 wrote to memory of 2904	2908	044825a4f83128fce96bfd7d92ae9fa9.exe	28
PID 2908 wrote to memory of 2904	2908	044825a4f83128fce96bfd7d92ae9fa9.exe	28
PID 2908 wrote to memory of 2904	2908	044825a4f83128fce96bfd7d92ae9fa9.exe	28
PID 2908 wrote to memory of 2084	2908	044825a4f83128fce96bfd7d92ae9fa9.exe	29
PID 2908 wrote to memory of 2084	2908	044825a4f83128fce96bfd7d92ae9fa9.exe	29
PID 2908 wrote to memory of 2084	2908	044825a4f83128fce96bfd7d92ae9fa9.exe	29
PID 2908 wrote to memory of 2084	2908	044825a4f83128fce96bfd7d92ae9fa9.exe	29
PID 2904 wrote to memory of 1772	2904	w32tm.exe	33
PID 2084 wrote to memory of 524	2084	w32tm.exe	32
PID 2904 wrote to memory of 1772	2904	w32tm.exe	33
PID 2904 wrote to memory of 1772	2904	w32tm.exe	33
PID 2084 wrote to memory of 524	2084	w32tm.exe	32
PID 2084 wrote to memory of 524	2084	w32tm.exe	32
PID 2084 wrote to memory of 524	2084	w32tm.exe	32
PID 2904 wrote to memory of 1772	2904	w32tm.exe	33

C:\Windows\glok+serv.config

Filesize
19KB

MD5
a275f712246fa442789ffd6f50db58c4

SHA1
6d762491572273d2f7a73c6d49b91d9b1ed49b31

SHA256
973188272f96a7a2a9f8193bb16287b92007cb048d6c97434f309bcf3004be8e

SHA512
827a8c14531a023ca7fd86ce66a7cf3ab70c363664aaaa73ac872b77eba4e5ac3e609ad13e45837746dd3fc0d794b311d05d18e54d0dcbf125215c4808044a36

Download Submit