3fe5a4c91a9aaa512e3ad94fada750ee34eeb97d602368dd5edd97aa55a98361

Analysis

max time kernel
132s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 12:37

Target

text.scr
Size

76KB
MD5

9f273fb9b89bcaecc09740a08bb323f0
SHA1

e30028f0924770ce4ace3ab6360b7b79025f3356
SHA256

1b6ae6137baf03eaf2be42d5591381f2fe84d13111be5dd5b8d75dbfbfbc283f
SHA512

edd5777e4cc7249271d67eef40b8f89365725a23cbd0d2e12ba936738554302d4b6db1d9c7775ae999970ca21de90f17d47343e57bf26731009ffe3865494ade
SSDEEP

768:KhrjraNxlczzRHJ63AtecEoDecpJpDnxf6OC0conu4IO7migLV7NMDoLCSSSSSSr:KtOPSbjxlpfrgonuWmvntS

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2608	taskgmrr.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\taskgmrr.exe	text.scr
File opened for modification	C:\Windows\SysWOW64\taskgmrr.exe	text.scr

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 2608	3916	text.scr	85
PID 3916 wrote to memory of 2608	3916	text.scr	85
PID 3916 wrote to memory of 2608	3916	text.scr	85

C:\Users\Admin\AppData\Local\Temp\text.scr
"C:\Users\Admin\AppData\Local\Temp\text.scr" /S
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Windows\SysWOW64\taskgmrr.exe
  C:\Windows\system32\taskgmrr.exe
  2⤵
  - Executes dropped EXE
  PID:2608

C:\Windows\SysWOW64\taskgmrr.exe

Filesize
76KB

MD5
9f273fb9b89bcaecc09740a08bb323f0

SHA1
e30028f0924770ce4ace3ab6360b7b79025f3356

SHA256
1b6ae6137baf03eaf2be42d5591381f2fe84d13111be5dd5b8d75dbfbfbc283f

SHA512
edd5777e4cc7249271d67eef40b8f89365725a23cbd0d2e12ba936738554302d4b6db1d9c7775ae999970ca21de90f17d47343e57bf26731009ffe3865494ade

Download Submit
memory/2608-6-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/3916-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/3916-5-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download