1752d025d3564843ac270658b22f1c04a9496b8b60b972b3db4513d2f0a511a1

Analysis

max time kernel
12s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2024 01:54

Target

44fbda00636f271783f9a551e53ad9d2.exe
Size

359KB
MD5

44fbda00636f271783f9a551e53ad9d2
SHA1

ce94c1c411f5ccf409ee82f232e2cf34d44528a9
SHA256

1752d025d3564843ac270658b22f1c04a9496b8b60b972b3db4513d2f0a511a1
SHA512

3ebbef1974a36d81342f5385c146642371142341c10538cd4700ab6f7f305b02c72e01b36418418252006fd96f2495b4481ca8dc0e298d40213bde235a1b947c
SSDEEP

3072:QsHaRsJZZZHpeBCsvDrGPd3o+223sJn0xveYt4ry+:lMkZfwFvuFqws+e+4ry+

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1196	svchost.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\bhWUJrk\svchost.exe	44fbda00636f271783f9a551e53ad9d2.exe
File created	C:\Windows\aRuHPQE.dll	svchost.exe
File created	C:\Windows\IHEDPOT.dll	44fbda00636f271783f9a551e53ad9d2.exe
File created	C:\Windows\bhWUJrk\svchost.exe	44fbda00636f271783f9a551e53ad9d2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1196	svchost.exe
1196	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1196	1584	44fbda00636f271783f9a551e53ad9d2.exe	20
PID 1584 wrote to memory of 1196	1584	44fbda00636f271783f9a551e53ad9d2.exe	20
PID 1584 wrote to memory of 1196	1584	44fbda00636f271783f9a551e53ad9d2.exe	20

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1196-18-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1196-22-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1196-35-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1196-14-0x00000000005C0000-0x00000000005C3000-memory.dmp

Filesize
12KB

Download
memory/1196-34-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1196-24-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1196-15-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1196-17-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1196-10-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1196-20-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1584-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1584-1-0x0000000000540000-0x0000000000543000-memory.dmp

Filesize
12KB

Download
memory/1584-11-0x0000000000540000-0x0000000000543000-memory.dmp

Filesize
12KB

Download
memory/1584-9-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download