254a960e930c6355342a5fc1d2e3095c4bce1674338a472611056ba989573c00

Analysis

max time kernel
148s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:40

Target

205856ad0e2f95ff5a7a1088e96fbd35.exe
Size

692KB
MD5

205856ad0e2f95ff5a7a1088e96fbd35
SHA1

4711d509688f3bb27e16e1d71f95596a3286a77b
SHA256

254a960e930c6355342a5fc1d2e3095c4bce1674338a472611056ba989573c00
SHA512

bb2701bee710f31848c10f15fc319c811f2874fcf0dc5db454859970374d90f411a7658a89a76712216e72ea5e68db563390e397ceb7784d3543d77a00dc3cc2
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVYhtmsU3iWb6dfdv:qKeyxTAJj7P+yW6mc1YVtmH3iW+rv

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2144	svskgimfq.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ggxyow\svskgimfq.exe	205856ad0e2f95ff5a7a1088e96fbd35.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 2144	4788	205856ad0e2f95ff5a7a1088e96fbd35.exe	16
PID 4788 wrote to memory of 2144	4788	205856ad0e2f95ff5a7a1088e96fbd35.exe	16
PID 4788 wrote to memory of 2144	4788	205856ad0e2f95ff5a7a1088e96fbd35.exe	16

C:\Users\Admin\AppData\Local\Temp\205856ad0e2f95ff5a7a1088e96fbd35.exe
"C:\Users\Admin\AppData\Local\Temp\205856ad0e2f95ff5a7a1088e96fbd35.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\ggxyow\svskgimfq.exe
  "C:\Program Files (x86)\ggxyow\svskgimfq.exe"
  2⤵
  - Executes dropped EXE
  PID:2144

C:\Program Files (x86)\ggxyow\svskgimfq.exe

Filesize
103KB

MD5
8abb2076f3f7ce5483caaf5cf8506e96

SHA1
bf560e20c632ab0b6836c2879bb1c9e97d26ce89

SHA256
c49b38592f96b5f18d187554e9a045bac03efa3c2013ef660044b725f90d138e

SHA512
cedb4bfad87c5356f051fc98018fb530bd690d475e097abc5c2a9b5eff5789f0e8ad7b27cfd1c19d89dab84516bdeca6bd2e26d3fbd7820d1b344051f01d6e8a

Download Submit
C:\Program Files (x86)\ggxyow\svskgimfq.exe

Filesize
28KB

MD5
491817c202bdd50495d931e0e56d9113

SHA1
d6674ee8d511c9adb105b959ad7ea703ce1ecbb4

SHA256
03b061276210d094212717406e7d2cf099111887ceaf1320caab6b4e3ce86fbd

SHA512
cfcf80366a9aea9ea09687488ee2d61fdc54b501dd1a25c208a7aa97aead7c595366e03712e56b12fc960518cd642d48ea34c3b55e29db3d81a0ff373896562b

Download Submit
memory/2144-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2144-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2144-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4788-5-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4788-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4788-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download