7b104f495b90880c50c881aedf9725f80512b2fc2704372867b4fdc708e98f36

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 01:21

Target

09eebb49c384c60e573fec3bd707dffb.exe
Size

15KB
MD5

09eebb49c384c60e573fec3bd707dffb
SHA1

be52f4439d1f497d32e6ff18a08972d1f6dd1c5b
SHA256

7b104f495b90880c50c881aedf9725f80512b2fc2704372867b4fdc708e98f36
SHA512

26d32e7753adb666892f8a529c7699c8d2a99322b7b826296223959bb7ff6a14adfb9a75b003e0ed0dc2309bb3d9812c29335b30688b6bfc438260f5d218124b
SSDEEP

384:GNkPSM3oGD+GKOFhx4iJ0HQ5avfgjGspx/7bMrtvJPA:G8D+GHmiJ04X/7bMLY

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
4740	09eebb49c384c60e573fec3bd707dffb.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\gdzyhxi32.dll	09eebb49c384c60e573fec3bd707dffb.exe
File created	C:\Windows\SysWOW64\gdzyhxi32.dll	09eebb49c384c60e573fec3bd707dffb.exe
File opened for modification	C:\Windows\SysWOW64\gdzyhxi32.cfg	09eebb49c384c60e573fec3bd707dffb.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 3168	4740	09eebb49c384c60e573fec3bd707dffb.exe	74
PID 4740 wrote to memory of 3168	4740	09eebb49c384c60e573fec3bd707dffb.exe	74
PID 4740 wrote to memory of 3168	4740	09eebb49c384c60e573fec3bd707dffb.exe	74

C:\Users\Admin\AppData\Local\Temp\09eebb49c384c60e573fec3bd707dffb.exe
"C:\Users\Admin\AppData\Local\Temp\09eebb49c384c60e573fec3bd707dffb.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\09eebb49c384c60e573fec3bd707dffb.exe"
  2⤵
  PID:3168

C:\Windows\SysWOW64\gdzyhxi32.dll

Filesize
12KB

MD5
e627536e3ef85d72585649f1703e55a6

SHA1
6a7086da48ff1d12f441f6425bf5106084440743

SHA256
ad6728cf76be98b5a05870a2d3033cf95bcc2408beb0e375cea9991c5a67a679

SHA512
d744546c67e734aff7ce4897e1f3c251733994ba79670ae245201340ed64b6812a447c7ee91a391d14d338ed96d90af46dc42a11045bf164d924b54f655245a4

Download Submit
memory/4740-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4740-10-0x0000000025000000-0x0000000025019000-memory.dmp

Filesize
100KB

Download
memory/4740-14-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4740-15-0x0000000025000000-0x0000000025019000-memory.dmp

Filesize
100KB

Download