03dd4cbc904b65b76102c520c7eb41c90b16b8cdcf15d61e33e998f77512c314

Analysis

max time kernel
153s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 02:53

Target

5549597c807083a16cc14e3ca3478d53.exe
Size

974KB
MD5

5549597c807083a16cc14e3ca3478d53
SHA1

8ddf212ba1e32751a147af7cebaaf284c0181dd7
SHA256

03dd4cbc904b65b76102c520c7eb41c90b16b8cdcf15d61e33e998f77512c314
SHA512

4de47cc12ba2502b1f0cf7264b0b379ac32f9317d3b82a4d09f38e6bfbab4ac59b844cc81f0bbd665b67a77d1da938ac1e9c5e8ef796b60a7811a110af3e88ef
SSDEEP

24576:7zXKqa8SEijjC+37liXbLbklmfB6v+bgoJnNwkBK:7z6qaakjC+3srLAKB6WFBK

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3508	yljdadg.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\zdfygfbqa\yljdadg.exe	5549597c807083a16cc14e3ca3478d53.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 3508	920	5549597c807083a16cc14e3ca3478d53.exe	86
PID 920 wrote to memory of 3508	920	5549597c807083a16cc14e3ca3478d53.exe	86
PID 920 wrote to memory of 3508	920	5549597c807083a16cc14e3ca3478d53.exe	86

C:\Users\Admin\AppData\Local\Temp\5549597c807083a16cc14e3ca3478d53.exe
"C:\Users\Admin\AppData\Local\Temp\5549597c807083a16cc14e3ca3478d53.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\zdfygfbqa\yljdadg.exe
  "C:\Program Files (x86)\zdfygfbqa\yljdadg.exe"
  2⤵
  - Executes dropped EXE
  PID:3508

C:\Program Files (x86)\zdfygfbqa\yljdadg.exe

Filesize
121KB

MD5
0364efb20175c38b35e57c038895e810

SHA1
fa38c4d3ee6a16d0562c0c68cec70f2b6da18411

SHA256
7956526bbf30f65b5abf85da1ab0af19089532661b8d89c0370770ff75336908

SHA512
bddda6385052fd1d5a09aaae7affa1e4b376ee1ad4f3e15cee5ab8da2314025bca59283cda0a8537aaea0b703db86f971bdef297d2626dc968a9382b011ce5c2

Download Submit
C:\Program Files (x86)\zdfygfbqa\yljdadg.exe

Filesize
96KB

MD5
25159ab0253b91ee05c607f24c026ead

SHA1
35a6edf274ade18ac5ac42c6b39bbb38da9eb441

SHA256
9980b4bfac53e44dd0d8633d10d42b5b98bab1d07c94f8afd19229635c9d4952

SHA512
ce92c8325fdd1692fde27cf3eec518e25efae0eda58dd0b0051236340ec19ef57a70d8ddd16c19092c2e07efff61dcbcc3147320acc868bef53b3c53a948bd76

Download Submit
memory/920-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/920-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/920-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3508-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3508-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download