138dba86c4a419f727dd9e9d402a997f6f0ba5225a99763705d49108cbd8363b

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:52

Target

253d2fc06ad1ba450f6da07ff03d2ffe.exe
Size

80KB
MD5

253d2fc06ad1ba450f6da07ff03d2ffe
SHA1

c331235d303df38cf4f34b3b32f982d43c795333
SHA256

138dba86c4a419f727dd9e9d402a997f6f0ba5225a99763705d49108cbd8363b
SHA512

72d3e58bd75d2cb317380fb00a900ea34e4e94e68b21508f858306408891e9b8b99b8f23d9a66b28e7a1b54ff1e4b12ddf92001f404df5bf22edc9bf6c6a7e4e
SSDEEP

1536:Bh3H8SlVQwHqXzZAELFPgUED2XiLXW+SCptfC0+x/rOoVju1Qd:Bh3HzVmED2X6W+SUfDuO4u1Q

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2864	OSFYCH.EXE

Loads dropped DLL 2 IoCs

pid	Process
2652	253d2fc06ad1ba450f6da07ff03d2ffe.exe
2652	253d2fc06ad1ba450f6da07ff03d2ffe.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\OSFYCH.EXE	OSFYCH.EXE
File created	C:\WINDOWS\SysWOW64\OSFYCH.EXE	253d2fc06ad1ba450f6da07ff03d2ffe.exe
File opened for modification	C:\WINDOWS\SysWOW64\OSFYCH.EXE	253d2fc06ad1ba450f6da07ff03d2ffe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2864	2652	253d2fc06ad1ba450f6da07ff03d2ffe.exe	28
PID 2652 wrote to memory of 2864	2652	253d2fc06ad1ba450f6da07ff03d2ffe.exe	28
PID 2652 wrote to memory of 2864	2652	253d2fc06ad1ba450f6da07ff03d2ffe.exe	28
PID 2652 wrote to memory of 2864	2652	253d2fc06ad1ba450f6da07ff03d2ffe.exe	28

\Windows\SysWOW64\OSFYCH.EXE

Filesize
80KB

MD5
253d2fc06ad1ba450f6da07ff03d2ffe

SHA1
c331235d303df38cf4f34b3b32f982d43c795333

SHA256
138dba86c4a419f727dd9e9d402a997f6f0ba5225a99763705d49108cbd8363b

SHA512
72d3e58bd75d2cb317380fb00a900ea34e4e94e68b21508f858306408891e9b8b99b8f23d9a66b28e7a1b54ff1e4b12ddf92001f404df5bf22edc9bf6c6a7e4e

Download Submit