e1ce23ecbc870e1aa1bc79cec54af0d13ddec7c00870fbdd5bba6fc56d14cb66

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 03:52

Target

765036d77afb2c23defd84e520ec9d7d.exe
Size

459KB
MD5

765036d77afb2c23defd84e520ec9d7d
SHA1

abf295ec2acce422ce8225090a4cf94988c52efc
SHA256

e1ce23ecbc870e1aa1bc79cec54af0d13ddec7c00870fbdd5bba6fc56d14cb66
SHA512

8b90f6b8e39f992485da967ec0c62817860d34ea7bfbe127209061a70d986db9e8d27fb940f9fb129e8ea58f7c3e94ec436cdac2183eeb2572a268a1af691897
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8nWfUFkF7U:qKeyxTAJj7P+yWwFY

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2680	hxota.exe

Loads dropped DLL 1 IoCs

pid	Process
3016	765036d77afb2c23defd84e520ec9d7d.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\tojixsw\hxota.exe	765036d77afb2c23defd84e520ec9d7d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2680	3016	765036d77afb2c23defd84e520ec9d7d.exe	17
PID 3016 wrote to memory of 2680	3016	765036d77afb2c23defd84e520ec9d7d.exe	17
PID 3016 wrote to memory of 2680	3016	765036d77afb2c23defd84e520ec9d7d.exe	17
PID 3016 wrote to memory of 2680	3016	765036d77afb2c23defd84e520ec9d7d.exe	17

C:\Users\Admin\AppData\Local\Temp\765036d77afb2c23defd84e520ec9d7d.exe
"C:\Users\Admin\AppData\Local\Temp\765036d77afb2c23defd84e520ec9d7d.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files (x86)\tojixsw\hxota.exe
  "C:\Program Files (x86)\tojixsw\hxota.exe"
  2⤵
  - Executes dropped EXE
  PID:2680

C:\Program Files (x86)\tojixsw\hxota.exe

Filesize
478KB

MD5
2f317a5a1a5e1d59f44c00694540b81e

SHA1
da46f5b723f2793666f8951139cc4ce872fe5cf2

SHA256
b48f54c7460c0bc9fb82a3ec400b7b2a22ff7b28d91fea2f966971aabbff815f

SHA512
490991d0425b3b8260cec2514e89903a8f65341bd2ce431b04fd7c2ee18b34abbbe721694031d01793700809e3949db68a5e6ecedff8049ed783dcd9ce0cafe8

Download Submit
memory/2680-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2680-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3016-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3016-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3016-6-0x0000000001D50000-0x0000000001DE4000-memory.dmp

Filesize
592KB

Download
memory/3016-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download