bc65d05f8f964059c71553392b0bdbeb3a1c6ca1c323a06fc8ba562ca15f0c17

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 13:21

Target

7259c627dfcf8cc345bc5f5e14b9dafb.exe
Size

1.1MB
MD5

7259c627dfcf8cc345bc5f5e14b9dafb
SHA1

7b80eee31b01cd74bb418304cfbb5e52af423f11
SHA256

bc65d05f8f964059c71553392b0bdbeb3a1c6ca1c323a06fc8ba562ca15f0c17
SHA512

ed4187d3c6575206da509807e3de2cf9d4d2a5f213a5967e84868fb8054696fc8a3ba61983d613384088bd4ead1a990c3377e6fa6d1ecf58907b67c886d3bdb5
SSDEEP

24576:7zXKqa8SEijjC+37liXbLbklmfB6/tbQdSmKBQXoZuH:7z6qaakjC+3srLAKB61bQd3KaXouH

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4684	xafbbdhpvxt.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\rvas\xafbbdhpvxt.exe	7259c627dfcf8cc345bc5f5e14b9dafb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 4684	1592	7259c627dfcf8cc345bc5f5e14b9dafb.exe	56
PID 1592 wrote to memory of 4684	1592	7259c627dfcf8cc345bc5f5e14b9dafb.exe	56
PID 1592 wrote to memory of 4684	1592	7259c627dfcf8cc345bc5f5e14b9dafb.exe	56

C:\Users\Admin\AppData\Local\Temp\7259c627dfcf8cc345bc5f5e14b9dafb.exe
"C:\Users\Admin\AppData\Local\Temp\7259c627dfcf8cc345bc5f5e14b9dafb.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files (x86)\rvas\xafbbdhpvxt.exe
  "C:\Program Files (x86)\rvas\xafbbdhpvxt.exe"
  2⤵
  - Executes dropped EXE
  PID:4684

C:\Program Files (x86)\rvas\xafbbdhpvxt.exe

Filesize
1.1MB

MD5
a670e1550a021ef4bba460a0a67307b8

SHA1
72fa65fa275f9fb010b2234f0e908ac37b2cdbb7

SHA256
02ecb8fa7ca96aba04a78eba4442e386984b631e5cf8141684a1b4f660c36f5d

SHA512
02c7757e715905e9962f16f30eed70d25f83766060413bbc7ba7e53346c2070be1673f6c11b34de8be523b6d42eb17db8dc77615d861aed2d0dd4aed72507f7b

Download Submit
memory/1592-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1592-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1592-4-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4684-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4684-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download