71ca949fe5ae3e604bc42cad9657022433d1045326017f0ab3aa7da83ace7d27

Analysis

max time kernel
134s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 01:38

Target

0a5726dd8968960fb92d826692542adf.exe
Size

551KB
MD5

0a5726dd8968960fb92d826692542adf
SHA1

a900ea3730f7898c2ba66d121b612a75739aa2eb
SHA256

71ca949fe5ae3e604bc42cad9657022433d1045326017f0ab3aa7da83ace7d27
SHA512

152d389f03069548344be3850d8d12e62ff24bb257530de938bf880dc0ca1150cffc5683ff1c3d1685cf2b99e5cecaabd00af2c98027cba9990df027be656c21
SSDEEP

12288:AYynwbXvXjM4QKalFT2U0y0OZDdq02MGllERfxqv4mS:QCvXI532O0OGWRT

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3824	idsec.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\idsec.exe	idsec.exe
File created	C:\Windows\SysWOW64\idsec.exe	0a5726dd8968960fb92d826692542adf.exe
File opened for modification	C:\Windows\SysWOW64\idsec.exe	0a5726dd8968960fb92d826692542adf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 4576	2100	0a5726dd8968960fb92d826692542adf.exe	93
PID 2100 wrote to memory of 4576	2100	0a5726dd8968960fb92d826692542adf.exe	93
PID 2100 wrote to memory of 4576	2100	0a5726dd8968960fb92d826692542adf.exe	93

C:\Users\Admin\AppData\Local\Temp\0a5726dd8968960fb92d826692542adf.exe
"C:\Users\Admin\AppData\Local\Temp\0a5726dd8968960fb92d826692542adf.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\3178.bat
  2⤵
  PID:4576

C:\Users\Admin\AppData\Local\Temp\3178.bat

Filesize
198B

MD5
3fb56b5c9b12263e6d997c3a5e78c86b

SHA1
3d179af4fb5dc6f2c46d80981cafa1d7073831b6

SHA256
5032ed1933fb6dbfee94373f9fd1697663770433473a9a50d09fb1c4c192b566

SHA512
6d10059f8a6c3dd039ca7c91b0d8e664f09a1e8777deba0cdd04a88d41b14509131c48caf3ffc57de656e5892a15d77eea14527a5deb08ae8c6af6e2c83ebae5

Download Submit
C:\Windows\SysWOW64\idsec.exe

Filesize
551KB

MD5
0a5726dd8968960fb92d826692542adf

SHA1
a900ea3730f7898c2ba66d121b612a75739aa2eb

SHA256
71ca949fe5ae3e604bc42cad9657022433d1045326017f0ab3aa7da83ace7d27

SHA512
152d389f03069548344be3850d8d12e62ff24bb257530de938bf880dc0ca1150cffc5683ff1c3d1685cf2b99e5cecaabd00af2c98027cba9990df027be656c21

Download Submit
memory/2100-0-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download
memory/2100-1-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/2100-7-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download
memory/2100-14-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download
memory/2100-18-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download
memory/3824-10-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download
memory/3824-13-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/3824-15-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download