002071cc3fd4a6817c6c2fae8c87243a391e071a1106c1f78e0a2d23a7628494

Analysis

max time kernel
161s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2024 23:16

Target

476bf6b62e70298725d72bd0a872c15b.exe
Size

1.2MB
MD5

476bf6b62e70298725d72bd0a872c15b
SHA1

d86827d891f59edae82d81a7a4dc91f050f3a8c8
SHA256

002071cc3fd4a6817c6c2fae8c87243a391e071a1106c1f78e0a2d23a7628494
SHA512

33d993eca2e16befcba74ce51974bf1397d6e26a2850ddde9079623b122ae8d4ca027625dd97f7d1d50017550557fb66c4770b4de90ffc2481eb9099e4e443be
SSDEEP

24576:vIc85po57ilpU4oJOnZB+O7LUwqAaFMR2mPGONiKFjRTzfEo:vIc85po5wpUfTkBesJPGONikjRTzz

Score

4^/10

Drops file in Program Files directory 13 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\winsoft9\__tmp_rar_sfx_access_check_240652296	476bf6b62e70298725d72bd0a872c15b.exe
File created	C:\Program Files (x86)\winsoft9\3.vbs	476bf6b62e70298725d72bd0a872c15b.exe
File opened for modification	C:\Program Files (x86)\winsoft9\1.vbs	476bf6b62e70298725d72bd0a872c15b.exe
File opened for modification	C:\Program Files (x86)\winsoft9\test.exe	476bf6b62e70298725d72bd0a872c15b.exe
File created	C:\Program Files (x86)\winsoft9\1.vbs	476bf6b62e70298725d72bd0a872c15b.exe
File opened for modification	C:\Program Files (x86)\winsoft9\WINDOWS	476bf6b62e70298725d72bd0a872c15b.exe
File opened for modification	C:\Program Files (x86)\winsoft9	476bf6b62e70298725d72bd0a872c15b.exe
File opened for modification	C:\Program Files (x86)\winsoft9\3.vbs	476bf6b62e70298725d72bd0a872c15b.exe
File created	C:\Program Files (x86)\winsoft9\WINDOWS\time\mian.dil	476bf6b62e70298725d72bd0a872c15b.exe
File opened for modification	C:\Program Files (x86)\winsoft9\WINDOWS\time\mian.dil	476bf6b62e70298725d72bd0a872c15b.exe
File created	C:\Program Files (x86)\winsoft9\test.exe	476bf6b62e70298725d72bd0a872c15b.exe
File created	C:\Program Files (x86)\winsoft9\bho.exe	476bf6b62e70298725d72bd0a872c15b.exe
File opened for modification	C:\Program Files (x86)\winsoft9\WINDOWS\time	476bf6b62e70298725d72bd0a872c15b.exe

C:\Users\Admin\AppData\Local\Temp\476bf6b62e70298725d72bd0a872c15b.exe
"C:\Users\Admin\AppData\Local\Temp\476bf6b62e70298725d72bd0a872c15b.exe"
1⤵
- Drops file in Program Files directory
PID:2984

memory/2984-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2984-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download