105e27d3ba0f30cf3404ea73ceb14432a9f07245cdb77cc064b2609f2780abe9

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 22:19

Target

87cf4f9973b2d664041b0425d8d08383.exe
Size

67KB
MD5

87cf4f9973b2d664041b0425d8d08383
SHA1

4cc1d49bbb7be297e7374e0f3d9b65d57800e7bb
SHA256

105e27d3ba0f30cf3404ea73ceb14432a9f07245cdb77cc064b2609f2780abe9
SHA512

d3235b2900b0f063966b7cc87289cab6988048e70831f370eb0283b376dc4a87ea129461195f80497898e55307c6986c8a9306d8f69dc3962d56ae01e2b0435b
SSDEEP

1536:v6ja5vjyne4smHgGOFx7QGabEBcuV7ptLZIDMVvPU+:VvjynxOFmQBcuVtIDuvPU+

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\zykyjunfllkmb3.sys	87cf4f9973b2d664041b0425d8d08383.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 1716	2632	87cf4f9973b2d664041b0425d8d08383.exe	85
PID 2632 wrote to memory of 1716	2632	87cf4f9973b2d664041b0425d8d08383.exe	85
PID 2632 wrote to memory of 1716	2632	87cf4f9973b2d664041b0425d8d08383.exe	85

C:\Users\Admin\AppData\Local\Temp\87cf4f9973b2d664041b0425d8d08383.exe
"C:\Users\Admin\AppData\Local\Temp\87cf4f9973b2d664041b0425d8d08383.exe"
1⤵
- Drops file in Drivers directory
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\thmrjilotlvn.bat
  2⤵
  PID:1716

C:\Users\Admin\AppData\Local\Temp\thmrjilotlvn.bat

Filesize
232B

MD5
a2c81835af3736a73dd3c8368f681657

SHA1
e3ca121956b78a927fcf2187dfdfdb188c2aafca

SHA256
f6c75d2b8c4e936cbd6f947fffbe9d72f81daa6f16fde73ee6433b3be86bc0c5

SHA512
8b2f38d0f9448cd8167fe5d3622228dd7fa4b193c9be0f60ae6fe90d51a61b6cf8382d3a7f74eb6af27882ed1de50f199e68f75694744b789fa6a343347d3596

Download Submit