254a960e930c6355342a5fc1d2e3095c4bce1674338a472611056ba989573c00

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:40

Target

205856ad0e2f95ff5a7a1088e96fbd35.exe
Size

692KB
MD5

205856ad0e2f95ff5a7a1088e96fbd35
SHA1

4711d509688f3bb27e16e1d71f95596a3286a77b
SHA256

254a960e930c6355342a5fc1d2e3095c4bce1674338a472611056ba989573c00
SHA512

bb2701bee710f31848c10f15fc319c811f2874fcf0dc5db454859970374d90f411a7658a89a76712216e72ea5e68db563390e397ceb7784d3543d77a00dc3cc2
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVYhtmsU3iWb6dfdv:qKeyxTAJj7P+yW6mc1YVtmH3iW+rv

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2316	gycjeqixeduf.exe

Loads dropped DLL 1 IoCs

pid	Process
2724	205856ad0e2f95ff5a7a1088e96fbd35.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\jvnci\gycjeqixeduf.exe	205856ad0e2f95ff5a7a1088e96fbd35.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2316	2724	205856ad0e2f95ff5a7a1088e96fbd35.exe	28
PID 2724 wrote to memory of 2316	2724	205856ad0e2f95ff5a7a1088e96fbd35.exe	28
PID 2724 wrote to memory of 2316	2724	205856ad0e2f95ff5a7a1088e96fbd35.exe	28
PID 2724 wrote to memory of 2316	2724	205856ad0e2f95ff5a7a1088e96fbd35.exe	28

C:\Users\Admin\AppData\Local\Temp\205856ad0e2f95ff5a7a1088e96fbd35.exe
"C:\Users\Admin\AppData\Local\Temp\205856ad0e2f95ff5a7a1088e96fbd35.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\jvnci\gycjeqixeduf.exe
  "C:\Program Files (x86)\jvnci\gycjeqixeduf.exe"
  2⤵
  - Executes dropped EXE
  PID:2316

C:\Program Files (x86)\jvnci\gycjeqixeduf.exe

Filesize
128KB

MD5
c92b058835f7a86a8e2a20d5f9065063

SHA1
94fbe2103eae33bac91c0a3bd8a458ec131c90ed

SHA256
142e65967973433832ae21f74aa3af7eb4aff00a9589100eac990e024b40bd3e

SHA512
2937f5a80eb2b67e906b0c2a0f278dc852ca6f8c678a140be43e7fba4ffdc26ba9ac1cc8b56910503c0c5cc710f333e8daf8c8cf66ab67f94b0d7df577c9f6bd

Download Submit
\Program Files (x86)\jvnci\gycjeqixeduf.exe

Filesize
280KB

MD5
ec8ed99ea393d9a7aaa9088f1f518fe5

SHA1
8f8e82ec07e16b00481218ce6dcefd53a904762d

SHA256
5f73420ef20f21fc67c3bd0e1fee6540b74155e84c960af6e8b72e941c59efdc

SHA512
9c4894bcab8b49ae0aad453cf26f9e2666de7e475c521dbb7b3ebde9b2b9e759df5e73272d4fe6785acfb782a517d22167809d49c840849f6d48b98965285963

Download Submit
memory/2316-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2316-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2724-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2724-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2724-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download