84a9a47b71f06450a1f46902f70fbf9151df347b46cbbf1ae5fbdace96c1f5d1

Analysis

max time kernel
112s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 08:50

Target

4069d37771d0e537cd027622e79628a9.exe
Size

896KB
MD5

4069d37771d0e537cd027622e79628a9
SHA1

3d1a9784e00203fa36258a4c6c39e5eb3adc95e9
SHA256

84a9a47b71f06450a1f46902f70fbf9151df347b46cbbf1ae5fbdace96c1f5d1
SHA512

ded468c45e1e40c85e5125ddfacdd1fc5afc672b3cb84665ee7320ffb88241e71c4bf6f09e0901e89453f37bbc318bce2164eca45b621517923e9ab96ca16652
SSDEEP

24576:qKeyxTAJj7PV/s4k+oW6itPl6pMurAJYMTIx:qKeyRA/t6+PMp2F6

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
5036	viwqazo.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\flho\viwqazo.exe	4069d37771d0e537cd027622e79628a9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 5036	4464	4069d37771d0e537cd027622e79628a9.exe	20
PID 4464 wrote to memory of 5036	4464	4069d37771d0e537cd027622e79628a9.exe	20
PID 4464 wrote to memory of 5036	4464	4069d37771d0e537cd027622e79628a9.exe	20

C:\Users\Admin\AppData\Local\Temp\4069d37771d0e537cd027622e79628a9.exe
"C:\Users\Admin\AppData\Local\Temp\4069d37771d0e537cd027622e79628a9.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Program Files (x86)\flho\viwqazo.exe
  "C:\Program Files (x86)\flho\viwqazo.exe"
  2⤵
  - Executes dropped EXE
  PID:5036

memory/4464-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4464-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4464-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5036-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5036-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download