ef0087602e77b5db21befc2070268271f93ca7647352e8a2bedfef676f94bd66

Analysis

max time kernel
160s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 19:27

Target

41b775aead1e83c01f256f1f8d024d30.exe
Size

638KB
MD5

41b775aead1e83c01f256f1f8d024d30
SHA1

fac5a1f2d5937cf01e306759676b7ed2ab208acf
SHA256

ef0087602e77b5db21befc2070268271f93ca7647352e8a2bedfef676f94bd66
SHA512

e3666b9664f49df86f074d4d2fdf22350cacabfea1e75b088ff16d98e7f3b05e1b4a7fe0fa0144c98bfed01e83aac8ea0b4f61674fd9cd747ff711efa6beb973
SSDEEP

12288:MLry/neyx7f/A64j7PV/F2VC+QyHDaiyJ2WvyiRPsbZQdLjngno9:qKeyxTAJj7PV/s4k+oW6itPl6w

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4636	tt.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\eaolufr\tt.exe	41b775aead1e83c01f256f1f8d024d30.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 4636	556	41b775aead1e83c01f256f1f8d024d30.exe	89
PID 556 wrote to memory of 4636	556	41b775aead1e83c01f256f1f8d024d30.exe	89
PID 556 wrote to memory of 4636	556	41b775aead1e83c01f256f1f8d024d30.exe	89

C:\Users\Admin\AppData\Local\Temp\41b775aead1e83c01f256f1f8d024d30.exe
"C:\Users\Admin\AppData\Local\Temp\41b775aead1e83c01f256f1f8d024d30.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files (x86)\eaolufr\tt.exe
  "C:\Program Files (x86)\eaolufr\tt.exe"
  2⤵
  - Executes dropped EXE
  PID:4636

C:\Program Files (x86)\eaolufr\tt.exe

Filesize
656KB

MD5
489844a643672e5c98850568bcbe2214

SHA1
0af6de02274dc53ec9b6059bc4d8481bacfe65e2

SHA256
1b135216c1c780bb64ede3b7c7042f0b8cdc807dcf9b7c733fbd30cca2adb143

SHA512
8e5133a287f24a73e16a02ee8829c650839c02d81fa8d2aed2ae97e70865d6a9481856b20ac009573da2fc20e6843779a6ce838dfb2330aaa5e6a2931b8a83a7

Download Submit
C:\Program Files (x86)\eaolufr\tt.exe

Filesize
484KB

MD5
7975e82e41a813fa496bae16ca6476f3

SHA1
f996b1d4163a5f429edbf88a1686a2260c798023

SHA256
0d07f628ebbd553db81cc7675ac22cabffa1e9a5d66c0bb47be7ed9485614962

SHA512
e7d8a158a82281e727b59726f29e6b4d52c9d46fc4bb1395852f6f5be9042aff7525e40e225ec7f8c19177908f5c699df08b57baf615b871dd9ad90662f959a0

Download Submit
memory/556-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/556-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/556-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4636-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4636-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download