284b693dfdd12406826e29694479b85e2d7cc189784187da07b56f559e78999d

Analysis

max time kernel
140s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 08:29

Target

137194ecd53339111a561259151aa996.exe
Size

1.3MB
MD5

137194ecd53339111a561259151aa996
SHA1

992f962c6224fae6bc2422d56c717da84c5bf84a
SHA256

284b693dfdd12406826e29694479b85e2d7cc189784187da07b56f559e78999d
SHA512

6453142b90e6db2cfe41df9a17699714b00f6b898c34532ffb4db32618b1b2e6c4cefdf0f7f70115d30d6cb0551d525433c56338cd9df19af82d4732e94f4029
SSDEEP

24576:qKeyxTAJj7PZFK30B3I9ILWDdhV1uBKqu/PJCBrxF/1vvz6A6kw6:qKeyRAwEB3w7DbuBK18xF/1vvz6bq

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4236	hfzdpnon.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\oiexu\hfzdpnon.exe	137194ecd53339111a561259151aa996.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 4236	2908	137194ecd53339111a561259151aa996.exe	87
PID 2908 wrote to memory of 4236	2908	137194ecd53339111a561259151aa996.exe	87
PID 2908 wrote to memory of 4236	2908	137194ecd53339111a561259151aa996.exe	87

C:\Users\Admin\AppData\Local\Temp\137194ecd53339111a561259151aa996.exe
"C:\Users\Admin\AppData\Local\Temp\137194ecd53339111a561259151aa996.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\oiexu\hfzdpnon.exe
  "C:\Program Files (x86)\oiexu\hfzdpnon.exe"
  2⤵
  - Executes dropped EXE
  PID:4236

C:\Program Files (x86)\oiexu\hfzdpnon.exe

Filesize
875KB

MD5
a06c658f7b6ddd45be27e86404f04a27

SHA1
23a2fda89a27583578b92dc1612ea1ba76216872

SHA256
a20e0ac5d7ed19193a98908634bb8bed58cb7c4bc946739a7e29579cf3122f5e

SHA512
610005b2c5613499fe32c3209699b7fa89dc584d8dfbd62bfa8c467790b6a12ee2dd59a8be88cc6d515540d9d1a5f61fd3fb245a6a96655faba297f4cb54b509

Download Submit
C:\Program Files (x86)\oiexu\hfzdpnon.exe

Filesize
229KB

MD5
5b372891ef618fb8a380408a0cc7b88d

SHA1
b3cc2986b774846e5b6f5978d833aa211c8d05fd

SHA256
ae83bbc2506940ada1bc991ae482c3dbe6ffb54a9c41fc5b75d25efae8a437e0

SHA512
beb0649cfbcac75a9935877a3e5e95e5a7383c3fdbda207cac8e965d1b1fb44d2cbd21460b5c5564b6b13422f4fe206e17e40643a48d7982e238dace5ec720ed

Download Submit
memory/2908-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2908-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2908-4-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4236-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4236-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4236-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download