59c89afa4002f8bd19b7779de57f0bd6e166d8d50089bdcef2932bcf5fe69924

Analysis

max time kernel
132s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 03:37

Target

9860b7bde0f219d2fdc832b556bb70e2.exe
Size

92KB
MD5

9860b7bde0f219d2fdc832b556bb70e2
SHA1

362c4ec036cb8297a942ce68604e2c68b3b42cd5
SHA256

59c89afa4002f8bd19b7779de57f0bd6e166d8d50089bdcef2932bcf5fe69924
SHA512

bd1a2984947cabd442c2d428b09dc337c00a4d63ece5347345daa742d55775bb625fcc53035cc92148a417471f5877af880c413d05b683f36c53887949f74fe2
SSDEEP

768:c0TurnKp5jqKdUcCyDMgs/Osp3rYRkUoszQT022UNyjG6sGmM2g:hUntKOcCyDMgU/PO+y66sVp

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
1524	ODBCJET.exe
5092	ODBCJET.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Del.bat	9860b7bde0f219d2fdc832b556bb70e2.exe
File created	C:\Windows\SysWOW64\ODBCJET.exe	9860b7bde0f219d2fdc832b556bb70e2.exe
File opened for modification	C:\Windows\SysWOW64\ODBCJET.exe	9860b7bde0f219d2fdc832b556bb70e2.exe
File created	C:\Windows\SysWOW64\ODBCJET.exe	ODBCJET.exe
File created	C:\Windows\SysWOW64\Del.bat	ODBCJET.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 1524	3336	9860b7bde0f219d2fdc832b556bb70e2.exe	22
PID 3336 wrote to memory of 1524	3336	9860b7bde0f219d2fdc832b556bb70e2.exe	22
PID 3336 wrote to memory of 1524	3336	9860b7bde0f219d2fdc832b556bb70e2.exe	22
PID 1524 wrote to memory of 5092	1524	ODBCJET.exe	21
PID 1524 wrote to memory of 5092	1524	ODBCJET.exe	21
PID 1524 wrote to memory of 5092	1524	ODBCJET.exe	21
PID 1524 wrote to memory of 1944	1524	ODBCJET.exe	20
PID 1524 wrote to memory of 1944	1524	ODBCJET.exe	20
PID 1524 wrote to memory of 1944	1524	ODBCJET.exe	20
PID 3336 wrote to memory of 3124	3336	9860b7bde0f219d2fdc832b556bb70e2.exe	19
PID 3336 wrote to memory of 3124	3336	9860b7bde0f219d2fdc832b556bb70e2.exe	19
PID 3336 wrote to memory of 3124	3336	9860b7bde0f219d2fdc832b556bb70e2.exe	19

C:\Users\Admin\AppData\Local\Temp\9860b7bde0f219d2fdc832b556bb70e2.exe
"C:\Users\Admin\AppData\Local\Temp\9860b7bde0f219d2fdc832b556bb70e2.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\system32\Del.bat
  2⤵
  PID:3124
- C:\Windows\SysWOW64\ODBCJET.exe
  C:\Windows\system32\ODBCJET.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1524

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\system32\Del.bat
1⤵
PID:1944

C:\Windows\SysWOW64\Del.bat

Filesize
127B

MD5
ee2f2b6e37ab02606bfdf8ff7f1c6d01

SHA1
3e29dbdb4c929741e283730d59b5377438083069

SHA256
522ad65214a6860ae889eb74353f5d83658c5ded278aef344b79aa9fd4276bfb

SHA512
eb0ae3fc0f3ebd8f4c600b8e2b985e3868a6299b99b32de6fe065353d3bc9075f955dd66797c2747e430eacdb79acc3525174886353f9120494f1091f13b5206

Download Submit
C:\Windows\SysWOW64\ODBCJET.exe

Filesize
31KB

MD5
07d6772e783725b48a05a7509b534651

SHA1
2491fc0635fea2a6f99ffd82a77d8d5ed90afa2c

SHA256
767accb85ac59c08f8e748c4bb021335a8c74251d9b34ab60af4e5ddfb6119eb

SHA512
cb3d8546cf78e8b9f0f62f608c8dc186ff08af2425e19a2da98e0e39e9f9f27e3756711cb3a679d77b192ddc8e36cd650791c2e7be5ae6d431e342abdb7dba66

Download Submit
C:\Windows\SysWOW64\ODBCJET.exe

Filesize
23KB

MD5
3f54a033e516c032ec71cd0a995c6031

SHA1
8849e69d11cc8d78f5d66db7d8db0fe3e478975c

SHA256
bb3179299bb6e148f489680be06e7cfa6a7a2f42d803b0c96497123378a5fca9

SHA512
faedff93d6f981d8dc1bafea7716937829bb26a2025f20de14c1baa019cf9c6865e9ada201cab4963c89292bec9507c32d9c5fdc2299d5086e072145c22ef9fb

Download Submit
C:\Windows\SysWOW64\ODBCJET.exe

Filesize
19KB

MD5
a7d43651c15384c5150ac5f449548bbe

SHA1
d28d0f6e00573fc99caf5e1e6e1758cd055054a3

SHA256
6279ba7db1ad700f50df91f05a53bfe6704c062b4a145dd57ac7481b16488c51

SHA512
947bd31ca3213d3f4d670aaf0d0e29512088e3f3471e924199a60e655f3fa2e43f7c5ef138ee7b53fc831de319db24d5604f2ac36d70b65384981162f9d6842a

Download Submit