59434c06e7202412e170d04942d455c34efa5a2b03874e4296bcd2b397daa346

Analysis

max time kernel
139s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 06:37

Target

113714d6e06bb2c8abf8c1da9c8a8950.exe
Size

1.3MB
MD5

113714d6e06bb2c8abf8c1da9c8a8950
SHA1

43d8f27f229bb2cc13b0cd1ce194dbcf03bc170c
SHA256

59434c06e7202412e170d04942d455c34efa5a2b03874e4296bcd2b397daa346
SHA512

b727d2ed10d905f80f87f117590e16c0e23fa42dc1ff435222db53815c965c20e27f56fb1f9d89aa203048a3fe3adee8f9347a0a549106bbd4d30cec0ba06713
SSDEEP

24576:qKeyxTAJj7PZFK30B3I9ILWDdhV1uBKqu/PJCBrxF/1vvz6BY:qKeyRAwEB3w7DbuBK18xF/1vvz6O

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3152	jorofxwiiv.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ljru\jorofxwiiv.exe	113714d6e06bb2c8abf8c1da9c8a8950.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 3152	3816	113714d6e06bb2c8abf8c1da9c8a8950.exe	15
PID 3816 wrote to memory of 3152	3816	113714d6e06bb2c8abf8c1da9c8a8950.exe	15
PID 3816 wrote to memory of 3152	3816	113714d6e06bb2c8abf8c1da9c8a8950.exe	15

C:\Users\Admin\AppData\Local\Temp\113714d6e06bb2c8abf8c1da9c8a8950.exe
"C:\Users\Admin\AppData\Local\Temp\113714d6e06bb2c8abf8c1da9c8a8950.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Program Files (x86)\ljru\jorofxwiiv.exe
  "C:\Program Files (x86)\ljru\jorofxwiiv.exe"
  2⤵
  - Executes dropped EXE
  PID:3152

memory/3152-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3152-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3816-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3816-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3816-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download