35979e208b566f8ca353a5a6e9aa9b36290469c164774523303e4f2017d11ee8

Analysis

max time kernel
131s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2024 05:35

Target

456a949e199b029b8ced8fd414226282.exe
Size

1.1MB
MD5

456a949e199b029b8ced8fd414226282
SHA1

fdd5d8ca2390faaede3158751e5808a397ca9331
SHA256

35979e208b566f8ca353a5a6e9aa9b36290469c164774523303e4f2017d11ee8
SHA512

b0e874245e274ee86852cf9a4265b67bfc6cb360fe25126032d4a6eea2db6ad9d8e89568e0d69d7e33c8abfb34aa1cdc47d81b95c85442f0f6d5b69f2833ab10
SSDEEP

24576:qKeyxTAJnMHn36sQ7H/yQQuYmlswByeiGZAw1cR:qKeyRAJe3LqaCY4LyeLZbc

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4508	ovsbgv.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wwve\ovsbgv.exe	456a949e199b029b8ced8fd414226282.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 4508	2172	456a949e199b029b8ced8fd414226282.exe	19
PID 2172 wrote to memory of 4508	2172	456a949e199b029b8ced8fd414226282.exe	19
PID 2172 wrote to memory of 4508	2172	456a949e199b029b8ced8fd414226282.exe	19

C:\Users\Admin\AppData\Local\Temp\456a949e199b029b8ced8fd414226282.exe
"C:\Users\Admin\AppData\Local\Temp\456a949e199b029b8ced8fd414226282.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\wwve\ovsbgv.exe
  "C:\Program Files (x86)\wwve\ovsbgv.exe"
  2⤵
  - Executes dropped EXE
  PID:4508

C:\Program Files (x86)\wwve\ovsbgv.exe

Filesize
1.1MB

MD5
152f7995e4ed53a6d0a08cefb353fe4f

SHA1
61e3331e559f4d59a75ec7e1b969718e452e0960

SHA256
99a3c2a8eac8b3e8318e68f4192216e59e7fe5f852db9a3f6b95bf2448563aa8

SHA512
dfd93b377492d4503311c72fad0a209e48c0a4359576efc68cabf42910c4f45fdcba43e4f9f4abf187238e51a40214af67c2491e862e2fb7834ee87c8b884081

Download Submit
memory/2172-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2172-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2172-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4508-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4508-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download