9758ee9d7ee86a4269062dbb5e8f273b9d9f61019e071436357b99c8f343c5f1

Analysis

max time kernel
90s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 14:33

Target

8c927174d555f3a40371be4d66639d62.exe
Size

887KB
MD5

8c927174d555f3a40371be4d66639d62
SHA1

8df1b39e36130962cc23734a09a76d8ee84ad41d
SHA256

9758ee9d7ee86a4269062dbb5e8f273b9d9f61019e071436357b99c8f343c5f1
SHA512

0a8a14ecbbc6c973f32c1d3d774e5136cba25e21be3baee972605d1c3c31019f7d7cb6374ff583f9bf0da9c60bd290d2eabc0f6f423c3a28cf196a267bb29c01
SSDEEP

12288:MLry/neyx7f/A64j7PYV3H/BxJsQYrFy698hi2hT4wgfP3xeb07snchWhz9:qKeyxTAJj7PYJvYN9+i2Z4wWht7sncwp

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
432	aws.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\yehbrurvne\aws.exe	8c927174d555f3a40371be4d66639d62.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 432	1940	8c927174d555f3a40371be4d66639d62.exe	21
PID 1940 wrote to memory of 432	1940	8c927174d555f3a40371be4d66639d62.exe	21
PID 1940 wrote to memory of 432	1940	8c927174d555f3a40371be4d66639d62.exe	21

C:\Users\Admin\AppData\Local\Temp\8c927174d555f3a40371be4d66639d62.exe
"C:\Users\Admin\AppData\Local\Temp\8c927174d555f3a40371be4d66639d62.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files (x86)\yehbrurvne\aws.exe
  "C:\Program Files (x86)\yehbrurvne\aws.exe"
  2⤵
  - Executes dropped EXE
  PID:432

C:\Program Files (x86)\yehbrurvne\aws.exe

Filesize
910KB

MD5
8d26e464aea682fb19555f652fb75f16

SHA1
0122aedaa8ec8f608c10c184c51a5a3584293681

SHA256
fa0c7fd4b0eb6cf84bae500079d8c9b723102fc0d3fc606a7a38f2a82321dbe8

SHA512
0ec7ebf50e61d4a4c9ad3a9250f039e3ddab7816c23a3b995e23f8fefa02a3de1a986e443a2eab2024d65327bedfd7c7133bbacf16b0dff391ff98dacf310cbf

Download Submit
memory/432-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/432-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1940-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1940-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1940-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download