62c88b88fb3fa0bd718a95b210d3a467891de6442b70338d311b06087bd990fc

Analysis

max time kernel
146s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:21

Target

0861c5ec7470838e340ba611ecc0051d.exe
Size

100KB
MD5

0861c5ec7470838e340ba611ecc0051d
SHA1

987055c1068a7b7eb2e724f01db87b790ca768a4
SHA256

62c88b88fb3fa0bd718a95b210d3a467891de6442b70338d311b06087bd990fc
SHA512

8f7a37769fdbce7fbad97ae4a942fdb1d4f1cd2376a0c03b39a211558e8586e08d7aca22eec335c5e2efdc69cfc4cf6696263612a4979dd170ebf24096aa424d
SSDEEP

768:odo+UH7YAFoWqjrM1vg//mYdo+Wv8f46QI8HayB3DNlhK:VaAFoT/4vgAhUw6gHBTw

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
3472	0861c5ec7470838e340ba611ecc0051d.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\lnaixnauhqq.cfg	0861c5ec7470838e340ba611ecc0051d.exe
File opened for modification	C:\Windows\SysWOW64\lnaixnauhqq.dll	0861c5ec7470838e340ba611ecc0051d.exe
File created	C:\Windows\SysWOW64\lnaixnauhqq.dll	0861c5ec7470838e340ba611ecc0051d.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3472	0861c5ec7470838e340ba611ecc0051d.exe
3472	0861c5ec7470838e340ba611ecc0051d.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4324	3472	0861c5ec7470838e340ba611ecc0051d.exe	62
PID 3472 wrote to memory of 4324	3472	0861c5ec7470838e340ba611ecc0051d.exe	62
PID 3472 wrote to memory of 4324	3472	0861c5ec7470838e340ba611ecc0051d.exe	62

C:\Users\Admin\AppData\Local\Temp\0861c5ec7470838e340ba611ecc0051d.exe
"C:\Users\Admin\AppData\Local\Temp\0861c5ec7470838e340ba611ecc0051d.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\0861c5ec7470838e340ba611ecc0051d.exe"
  2⤵
  PID:4324

C:\Windows\SysWOW64\lnaixnauhqq.dll

Filesize
13KB

MD5
46eca18c616ab52e751fadaf2b2f64a7

SHA1
b2905d007d97e291e0b7b64063376c0e8d4b32d8

SHA256
18ad1ec2c3f71af630d7b434e2994d6bda25f65f0c90ede83c69db2ee8c78681

SHA512
c1594a75571f25d057726210f540579ec2c1d2aba7e48ecbf16a8be1396579a42653a5b86828b1b1469c2f1e5615060f94d3379c3c3735a1659ba57e77ac8d2c

Download Submit
memory/3472-8-0x0000000025000000-0x000000002501C000-memory.dmp

Filesize
112KB

Download
memory/3472-12-0x0000000025000000-0x000000002501C000-memory.dmp

Filesize
112KB

Download