b4283978dda0aa9275bb1ee85574f802038aea53a1950278ba05eb679565b7b0

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 21:25

Target

1ce95c9afc0a57069932013379b3318b.exe
Size

1.8MB
MD5

1ce95c9afc0a57069932013379b3318b
SHA1

6902dd05f7d1a70d862065629ea83a6a3bc76d3e
SHA256

b4283978dda0aa9275bb1ee85574f802038aea53a1950278ba05eb679565b7b0
SHA512

bd3258a07a4c76b0c17460bdf081cd8a4724a8e4484eb7a8f47e265442c1b97a6ec350381f1bf2d2e5b59f984a530e137b9ef3bb3b6a5b5ff55c4f7c7604cfa0
SSDEEP

49152:GtKhfkuMiJDjGPIvs8mATeBtXT+qZJ1CNk1XlnHzR:S8TJDjGPBbyqDcNYnTR

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3640	Stp4594_TMP.EXE

Loads dropped DLL 3 IoCs

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\GLBSINST.%$D	Stp4594_TMP.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 3640	2944	1ce95c9afc0a57069932013379b3318b.exe	14
PID 2944 wrote to memory of 3640	2944	1ce95c9afc0a57069932013379b3318b.exe	14
PID 2944 wrote to memory of 3640	2944	1ce95c9afc0a57069932013379b3318b.exe	14

C:\Users\Admin\AppData\Local\Temp\1ce95c9afc0a57069932013379b3318b.exe
"C:\Users\Admin\AppData\Local\Temp\1ce95c9afc0a57069932013379b3318b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Users\Admin\AppData\Local\Temp\Stp4594_TMP.EXE
  "C:\Users\Admin\AppData\Local\Temp\Stp4594_TMP.EXE"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:3640

C:\Users\Admin\AppData\Local\Temp\GLC4621.tmp

Filesize
137KB

MD5
9432368d5cf6924b972efc7aa0ca95b9

SHA1
4bfbcb080f757ddcd8ab9a115f526d52ed9c690e

SHA256
9eaa686b43116710e69c136eaf9fd1023291763f094cb8c442ffcaa9b52d1017

SHA512
37f3527ce11b8b187081c12795ae8b554466cd4c5887518c017172536fafd0b16bdbf39f4564b84e5621df6ca945804eef1a0ce8e025f4810437e54497899ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLK4836.tmp

Filesize
44KB

MD5
03a537a2be784dbb334a559347587a8d

SHA1
2bc6ac78a7928468584b38c49fc8191cdf7cd7b8

SHA256
791cbaf92b019d23967483cf97ae1b261754ba1d18ada81d01c50f4dc1e97ac5

SHA512
527eb7bd1ba88dd5c59c65e65a4485cf5524c64c011afad17c81faacab9b9aed32fc25da8fb54582ff828f788e43303b846fb236a3b97f8c29a977b23c154037

Download Submit
C:\Users\Admin\AppData\Local\Temp\Stp4594_TMP.EXE

Filesize
93KB

MD5
a5ee9035c3fb3bc597da3e8d51c482f8

SHA1
1a05942aee43f6ff6f7eca0f63a24cf02460a342

SHA256
8171189628d8cac2fb786d46c756b583d70d713b6ca3771e74c4d4b4e7e3ba60

SHA512
195a3ea0a8d38b77aca440f6d76f254a1a6e38767c50c4eb491de134219bd016b21ca42cca5daba0951d652e94a3e4848240e306715b06eaacf981f0129a211b

Download Submit