115ec48b87350b12315a961f28dfcb3f0786c2a4196da215263927beded60cbe

Analysis

max time kernel
0s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 05:13

Target

3ffae80b1b615e7d8a3d30ea4659f62d.exe
Size

37KB
MD5

3ffae80b1b615e7d8a3d30ea4659f62d
SHA1

e4f71faceab411cabcafaa7b869d6e18b90551d2
SHA256

115ec48b87350b12315a961f28dfcb3f0786c2a4196da215263927beded60cbe
SHA512

7c4c129ea2053a39681191e26b3dd2c80f976e5b1a2c55773f3965e059b016708f93ae71544fe2b33af577dc92ff5ca21434092969e220a95ae0898ea0ab273f
SSDEEP

768:KhqoX1u/6dwJMpQC+e1a9Z80BFhrOTA6znqzVLC+YUPMcFl3T/NmM/6nS5:KRFe6dgMpsXZ80bhyXqzVRXl3jr/6S5

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\explorer.exe	3ffae80b1b615e7d8a3d30ea4659f62d.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	explorer.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 4976	4092	3ffae80b1b615e7d8a3d30ea4659f62d.exe	18
PID 4092 wrote to memory of 4976	4092	3ffae80b1b615e7d8a3d30ea4659f62d.exe	18
PID 4092 wrote to memory of 4976	4092	3ffae80b1b615e7d8a3d30ea4659f62d.exe	18
PID 4092 wrote to memory of 4844	4092	3ffae80b1b615e7d8a3d30ea4659f62d.exe	20
PID 4092 wrote to memory of 4844	4092	3ffae80b1b615e7d8a3d30ea4659f62d.exe	20
PID 4092 wrote to memory of 4844	4092	3ffae80b1b615e7d8a3d30ea4659f62d.exe	20

C:\Users\Admin\AppData\Local\Temp\3ffae80b1b615e7d8a3d30ea4659f62d.exe
"C:\Users\Admin\AppData\Local\Temp\3ffae80b1b615e7d8a3d30ea4659f62d.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Windows\SysWOW64\explorer.exe
  C:\Windows\system32\explorer.exe
  2⤵
  - Modifies registry class
  PID:4976
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5515.tmp.bat
  2⤵
  PID:4844

C:\Users\Admin\AppData\Local\Temp\$$a5515.tmp.bat

Filesize
233B

MD5
b9e20d70db61c298cb6b381c0e29de84

SHA1
19f76246e0e671faae2da13d082d93365d9556a0

SHA256
0ba5ab15748bfcd2a28013fabf4d884f2700591a971177df427ea621b115644a

SHA512
fc7df24afd6ab1b1e7893319624ad2cac8be4fcc9aa1227490dc0a350520c33108c18d759ab48e0fb120b0a82ee703e328d4692e68b042cd3ca66dd5ccd0921e

Download Submit
memory/4092-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4092-3-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download