4a540ff1917370aadc7a5fc76eff415c413eb171e17440c2d1f0cb039af1690b

Analysis

max time kernel
132s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 21:19

Target

044825a4f83128fce96bfd7d92ae9fa9.exe
Size

88KB
MD5

044825a4f83128fce96bfd7d92ae9fa9
SHA1

216066c5796dd360e1b4db0173e44aec867f2486
SHA256

4a540ff1917370aadc7a5fc76eff415c413eb171e17440c2d1f0cb039af1690b
SHA512

61988c6c7992369e59a2e6d1bb28ceb03826ed1d1170f0ad0d4e6890e7ed3542ecb3f71ba688abb9de73462b90414c99a2c5ccf9810e139cc527e0a638fb64d6
SSDEEP

1536:osut1HT/v/IuyOG/35daEsi1CJcFXdcSj/wDDZXYPCM/AcVf+875r9/Ah:oPjL/IuyOGf5d8cFXWw41XYPCRA+8A

Score

4^/10

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\glok+53e5-127d.sys	044825a4f83128fce96bfd7d92ae9fa9.exe
File created	C:\Windows\glok+serv.config	044825a4f83128fce96bfd7d92ae9fa9.exe
File opened for modification	C:\Windows\glok+serv.config	044825a4f83128fce96bfd7d92ae9fa9.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 1084	4636	044825a4f83128fce96bfd7d92ae9fa9.exe	89
PID 4636 wrote to memory of 1084	4636	044825a4f83128fce96bfd7d92ae9fa9.exe	89
PID 4636 wrote to memory of 1084	4636	044825a4f83128fce96bfd7d92ae9fa9.exe	89
PID 4636 wrote to memory of 1832	4636	044825a4f83128fce96bfd7d92ae9fa9.exe	90
PID 4636 wrote to memory of 1832	4636	044825a4f83128fce96bfd7d92ae9fa9.exe	90
PID 4636 wrote to memory of 1832	4636	044825a4f83128fce96bfd7d92ae9fa9.exe	90
PID 1832 wrote to memory of 1264	1832	w32tm.exe	95
PID 1832 wrote to memory of 1264	1832	w32tm.exe	95
PID 1084 wrote to memory of 1724	1084	w32tm.exe	96
PID 1084 wrote to memory of 1724	1084	w32tm.exe	96