481d0eb03ae2ccf71fb5b41bb3608bb19ffd6a07d32dbc7b939cdd519e45476b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 12:50

Target

36bf2da5563fc52b905d8a29734fd64d.exe
Size

835KB
MD5

36bf2da5563fc52b905d8a29734fd64d
SHA1

4954cae44dc6d030c6fad69bfa406ffa1211e48d
SHA256

481d0eb03ae2ccf71fb5b41bb3608bb19ffd6a07d32dbc7b939cdd519e45476b
SHA512

a7e4d493fd5fffc988ff544993941040d6eb8f0c4c6ba5cdb39c7859b5d0de91060a99b123cfc91335dc8c2a84ca4965f70ea2695a83f7a8859442269e8faef6
SSDEEP

24576:qKeyxTAJj7P+yW6mc1YCwuv6ez8KTHjTV6LN:qKeyRA0y9fWCw28YFmN

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2212	hiibhzup.exe

Loads dropped DLL 1 IoCs

pid	Process
3028	36bf2da5563fc52b905d8a29734fd64d.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\hcudohuxo\hiibhzup.exe	36bf2da5563fc52b905d8a29734fd64d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2212	3028	36bf2da5563fc52b905d8a29734fd64d.exe	15
PID 3028 wrote to memory of 2212	3028	36bf2da5563fc52b905d8a29734fd64d.exe	15
PID 3028 wrote to memory of 2212	3028	36bf2da5563fc52b905d8a29734fd64d.exe	15
PID 3028 wrote to memory of 2212	3028	36bf2da5563fc52b905d8a29734fd64d.exe	15

C:\Users\Admin\AppData\Local\Temp\36bf2da5563fc52b905d8a29734fd64d.exe
"C:\Users\Admin\AppData\Local\Temp\36bf2da5563fc52b905d8a29734fd64d.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\hcudohuxo\hiibhzup.exe
  "C:\Program Files (x86)\hcudohuxo\hiibhzup.exe"
  2⤵
  - Executes dropped EXE
  PID:2212

C:\Program Files (x86)\hcudohuxo\hiibhzup.exe

Filesize
856KB

MD5
2874e72fd7e1357c1689be077b2476ec

SHA1
676de2164f81082972b69704ebce0f71bbff65f6

SHA256
935a5b490bc1ae9a9f61edea2028cd1b6ec7f6227dca62665db4e5fbe98b3b30

SHA512
25f5ce1350d9dfa57245142e141f89eedec65d5a1aca6769c2ac94076f63bcbd9ee772057d9e62a15b4652878a03e932e63a02eb731e351254cbcfe59fa5c71a

Download Submit
memory/2212-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2212-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3028-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3028-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3028-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download