dbd74615266beda0bce1fdafa02b16051e324d88b82da93235e3b52c7a08c3ac

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 08:13

Target

586def827956e53c51e586505d2451f5.exe
Size

88KB
MD5

586def827956e53c51e586505d2451f5
SHA1

cc09103f934b561db41dfad7ef3f60817aab90fa
SHA256

dbd74615266beda0bce1fdafa02b16051e324d88b82da93235e3b52c7a08c3ac
SHA512

8a4902c55c80061b58a7c2dbaf34916ca36e00be96e1bf4682b310254878e0e90a5e4c47055edbe0cdfaa5c206eecb4bcef0a4f960ff49c835f0bd852144be3a
SSDEEP

1536:nLPFdtOaDq3OBweZGRSTQy5Aw8IA4AqNVbcAtInH9FbDfEyzX2eupC6qc9I7fs8f:nLPFdsaW3MNFZAw8INAScKI1jLGeuptA

Score

4^/10

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\glok+27fa-7ea2.sys	586def827956e53c51e586505d2451f5.exe
File created	C:\Windows\glok+serv.config	586def827956e53c51e586505d2451f5.exe
File opened for modification	C:\Windows\glok+serv.config	586def827956e53c51e586505d2451f5.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
484	Process not Found

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2456	2148	586def827956e53c51e586505d2451f5.exe	28
PID 2148 wrote to memory of 2456	2148	586def827956e53c51e586505d2451f5.exe	28
PID 2148 wrote to memory of 2456	2148	586def827956e53c51e586505d2451f5.exe	28
PID 2148 wrote to memory of 2456	2148	586def827956e53c51e586505d2451f5.exe	28
PID 2148 wrote to memory of 2204	2148	586def827956e53c51e586505d2451f5.exe	29
PID 2148 wrote to memory of 2204	2148	586def827956e53c51e586505d2451f5.exe	29
PID 2148 wrote to memory of 2204	2148	586def827956e53c51e586505d2451f5.exe	29
PID 2148 wrote to memory of 2204	2148	586def827956e53c51e586505d2451f5.exe	29
PID 2204 wrote to memory of 2744	2204	w32tm.exe	32
PID 2204 wrote to memory of 2744	2204	w32tm.exe	32
PID 2204 wrote to memory of 2744	2204	w32tm.exe	32
PID 2204 wrote to memory of 2744	2204	w32tm.exe	32
PID 2456 wrote to memory of 3016	2456	w32tm.exe	33
PID 2456 wrote to memory of 3016	2456	w32tm.exe	33
PID 2456 wrote to memory of 3016	2456	w32tm.exe	33
PID 2456 wrote to memory of 3016	2456	w32tm.exe	33

C:\Windows\glok+serv.config

Filesize
7KB

MD5
e22a47defa3dcca817df6c896a33a879

SHA1
a4fe30f4f1884409d00904e6dd606d1d65b8af68

SHA256
d19b0ebc64d31e2e5030dd890707a3ab7ead1e5a4d59076da21597eada2a9618

SHA512
1c49d1b1d18ea0c9b5c07b4fb6f9cf36e420b0680a9a88917995176bcfaee664306006a6bf7551b36b5afca03bae7a21227d2eae4a6600005fec76bd6b767da7

Download Submit