bfec75be2d912e685772a62692fc641b22c6d2bae2b46f9c2fafda7cc58b9b19

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 09:05

Target

71d20d5691ccc04ffbd0fc1b5103bd6f.exe
Size

915KB
MD5

71d20d5691ccc04ffbd0fc1b5103bd6f
SHA1

fe4f368398a07b27822719ec7dd8213e2f335534
SHA256

bfec75be2d912e685772a62692fc641b22c6d2bae2b46f9c2fafda7cc58b9b19
SHA512

1f4d2fda3ab0a1a0bae096d4cf8290bf7fae158ced159777ecc24e6f4ca8376030377a62ec313277173ea87a102dad8c127f636b3774c2bb328b5b97ce6f77aa
SSDEEP

24576:7zXKqa8SEijjC+37liXbLbklmfB6vdinSW:7z6qaakjC+3srLAKB61inl

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1956	bpqkjucnzvofw.exe

Loads dropped DLL 1 IoCs

pid	Process
1636	71d20d5691ccc04ffbd0fc1b5103bd6f.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\uckc\bpqkjucnzvofw.exe	71d20d5691ccc04ffbd0fc1b5103bd6f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1956	1636	71d20d5691ccc04ffbd0fc1b5103bd6f.exe	28
PID 1636 wrote to memory of 1956	1636	71d20d5691ccc04ffbd0fc1b5103bd6f.exe	28
PID 1636 wrote to memory of 1956	1636	71d20d5691ccc04ffbd0fc1b5103bd6f.exe	28
PID 1636 wrote to memory of 1956	1636	71d20d5691ccc04ffbd0fc1b5103bd6f.exe	28

C:\Users\Admin\AppData\Local\Temp\71d20d5691ccc04ffbd0fc1b5103bd6f.exe
"C:\Users\Admin\AppData\Local\Temp\71d20d5691ccc04ffbd0fc1b5103bd6f.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files (x86)\uckc\bpqkjucnzvofw.exe
  "C:\Program Files (x86)\uckc\bpqkjucnzvofw.exe"
  2⤵
  - Executes dropped EXE
  PID:1956

C:\Program Files (x86)\uckc\bpqkjucnzvofw.exe

Filesize
78KB

MD5
761a7ced6ac34e8f13b765a4cbca5bc2

SHA1
26775376ddd835e7f1b1fdaf967bea633e681799

SHA256
5d393eb576b5457da6b6b135dcb705b6f8a625bffab853d378521dae4c8eee85

SHA512
7b99b398b4b5d5b518affe331bfd2815bbf90b90e3c24c32edba88c763b2473bbe72fa1e50dd2d8ff337db3cdff16becfed89d7ddbda4e3a92fbad97c1abf7d4

Download Submit
\Program Files (x86)\uckc\bpqkjucnzvofw.exe

Filesize
115KB

MD5
554babf7ae4ad41ebb4a1f0cc06658be

SHA1
1b62412addd449c1cb19af20a9f06d90ea6d838b

SHA256
c927b7889e221fc2b15318e4bc982697428b7b571d62c25386135330534d139e

SHA512
8b56f8d10f45cf28f30ee68a513f6ecdab2a64be9816d2871e08e373c1e90721ea78a7d56dcebb9ffabf028f8aa955f15414519943f4c8cc32b488c764b6a6e3

Download Submit
memory/1636-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1636-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1636-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1956-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1956-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download