11f22aa2ce429b8cd3519918b7a872a974f16937e0b87bf0953047576a1d6eba

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 07:10

Target

76b5f0b3c6fe8bddb8688d890784a7c4.exe
Size

867KB
MD5

76b5f0b3c6fe8bddb8688d890784a7c4
SHA1

b36048d13514846713dd94b6e3db6eebc165182b
SHA256

11f22aa2ce429b8cd3519918b7a872a974f16937e0b87bf0953047576a1d6eba
SHA512

5546bbee8d2f30ed4a255e629b7332dbbef8554ca80e074f77369c08e737e9b23818d4548eeeec3819375df1680ad87b1eddb90805e34e7c9b4a17406c95a7b3
SSDEEP

24576:qKeyxTAJj7P+yW6mc1YCwuv6ez8qufz/QQ49FcpS:qKeyRA0y9fWCw28lzYQ5S

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1344	dprxqquiomscw.exe

Loads dropped DLL 1 IoCs

pid	Process
828	76b5f0b3c6fe8bddb8688d890784a7c4.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\rfxhklb\dprxqquiomscw.exe	76b5f0b3c6fe8bddb8688d890784a7c4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 1344	828	76b5f0b3c6fe8bddb8688d890784a7c4.exe	28
PID 828 wrote to memory of 1344	828	76b5f0b3c6fe8bddb8688d890784a7c4.exe	28
PID 828 wrote to memory of 1344	828	76b5f0b3c6fe8bddb8688d890784a7c4.exe	28
PID 828 wrote to memory of 1344	828	76b5f0b3c6fe8bddb8688d890784a7c4.exe	28

C:\Users\Admin\AppData\Local\Temp\76b5f0b3c6fe8bddb8688d890784a7c4.exe
"C:\Users\Admin\AppData\Local\Temp\76b5f0b3c6fe8bddb8688d890784a7c4.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:828
- C:\Program Files (x86)\rfxhklb\dprxqquiomscw.exe
  "C:\Program Files (x86)\rfxhklb\dprxqquiomscw.exe"
  2⤵
  - Executes dropped EXE
  PID:1344

\Program Files (x86)\rfxhklb\dprxqquiomscw.exe

Filesize
884KB

MD5
bd42dbd178d676d7808b6a2c22f61a42

SHA1
0a2a5564ad0f2b8dc59704653606a4c4be9d7793

SHA256
36511a5469f29add15f7cc3ab4b17dcb652a05e9dae3cc18cd2b6f3c5b60817d

SHA512
7cc40ed88f6c588a65303778e62685da9b26a7387f287c51ddd0003ccc1ad275df088a37230abe99cb1c80fdfdecfc562bdf3c68a1e02c8a7bf39c8983249b93

Download Submit
memory/828-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/828-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/828-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1344-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1344-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download