c9a34a3ab34b232d14b1967e5e817b661779e717d4864e8485e3fad4569e604f

Analysis

max time kernel
153s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 06:11

Target

2b4cda672d4fad6eb1be80658b06c6c4.exe
Size

79KB
MD5

2b4cda672d4fad6eb1be80658b06c6c4
SHA1

d332d25106d799d7db6f0fa0584517fe0e27092e
SHA256

c9a34a3ab34b232d14b1967e5e817b661779e717d4864e8485e3fad4569e604f
SHA512

b6551015f340d2638d88e694562cc144aeb9d3806d57dbf5fd69384442680c5dbc3509f9f0af3d2fe65dc80854746f7ca833e3b3d58f6da51380ececd53bdac3
SSDEEP

1536:XOQGAyfxjW34aQh4YeT37J2zN7Aha2osnaYVqwvWmiyxxKTn9R4T5NjskC9AJNb:XOQGAyfls4aQ2RfJQNkA2XnDqwHxQnIp

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
4716	2b4cda672d4fad6eb1be80658b06c6c4.exe
4716	2b4cda672d4fad6eb1be80658b06c6c4.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\des32.exe	2b4cda672d4fad6eb1be80658b06c6c4.exe
File created	C:\Windows\SysWOW64\des32.exe	2b4cda672d4fad6eb1be80658b06c6c4.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system\verclsid.dll	2b4cda672d4fad6eb1be80658b06c6c4.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4716	2b4cda672d4fad6eb1be80658b06c6c4.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 4404	4716	2b4cda672d4fad6eb1be80658b06c6c4.exe	89
PID 4716 wrote to memory of 4404	4716	2b4cda672d4fad6eb1be80658b06c6c4.exe	89
PID 4716 wrote to memory of 4404	4716	2b4cda672d4fad6eb1be80658b06c6c4.exe	89
PID 4716 wrote to memory of 1780	4716	2b4cda672d4fad6eb1be80658b06c6c4.exe	93
PID 4716 wrote to memory of 1780	4716	2b4cda672d4fad6eb1be80658b06c6c4.exe	93
PID 4716 wrote to memory of 1780	4716	2b4cda672d4fad6eb1be80658b06c6c4.exe	93

C:\Users\Admin\AppData\Local\Temp\2b4cda672d4fad6eb1be80658b06c6c4.exe
"C:\Users\Admin\AppData\Local\Temp\2b4cda672d4fad6eb1be80658b06c6c4.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\9.bat
  2⤵
  PID:4404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\9.bat
  2⤵
  PID:1780

C:\Users\Admin\AppData\Local\Temp\9.bat

Filesize
84B

MD5
626878db8be7395e3b354e1f6fcd0010

SHA1
6f942167386a4793ea10585d8983662acb2b35dc

SHA256
f96dc3b6aa8daaf599090ce10bd06955665115a94a305a07a8dcf4a2c88a6f5c

SHA512
ad6d474f3b10e5eb11154d8655001510d66e471bc44f7a96386b3908797f2c943c779f31d9506ac7cacf75e9fd146945e73dc7b7b05e9ca467203270b094df44

Download Submit
C:\Users\Admin\AppData\Local\Temp\9.bat

Filesize
62B

MD5
9f7f3de6e2623e256be85b2e5bb5f23b

SHA1
199fa5b41080a7705f03814d76bcafe6b157ba2b

SHA256
20e8db8195dd8433b9c6ac7f732b52e8e618dfeff34ee31fb6be2875467b5ef8

SHA512
60ff379a73a67e0def09ca89b8770ffe45b791c16466e8ad560ea4e27cbac97f7765f9fc90184ae7cb5b0d8c805d65e35ddcc694c77eafe28709b7164ee8694d

Download Submit
C:\Windows\System\verclsid.dll

Filesize
127KB

MD5
53bb1a68caef2d97165ef05576cf705d

SHA1
644045b12432d10ad43004bf6a7fb152ad6d22ee

SHA256
4d21e1b191686b7a156f209b2351abc44f422c3bd5dd5afbd082cb686aa5d2d1

SHA512
1a437b856e33f28c56bd900b3ea0b9bc42d05aa5349afe325f1213f0875ae9d8e7e2b4388e82234a4884b9da47d5ea614bb64188051646358baa89fce11d2480

Download Submit
memory/4716-5-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4716-12-0x00000000021A0000-0x00000000021C4000-memory.dmp

Filesize
144KB

Download
memory/4716-15-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4716-16-0x00000000021A0000-0x00000000021C4000-memory.dmp

Filesize
144KB

Download