4ff4311062479a636e32f2609b0e394ee72a41063e7183c78434ef8542a4f1f7

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 13:33

Target

998c63e4654f5b4dec97f908d5b66876.exe
Size

135KB
MD5

998c63e4654f5b4dec97f908d5b66876
SHA1

18aee570559638e94a7421d1bf175ca6bf4dd996
SHA256

4ff4311062479a636e32f2609b0e394ee72a41063e7183c78434ef8542a4f1f7
SHA512

788180e747a895229beffc84f20d34ee71131e059a05b75192957390870d2bb24a8be11f1a4ebf7e671341046e99da820dba766ede320f8b71c8d2b7b59a9ab2
SSDEEP

3072:KgKlBzXL9kOJ62km07gMR5qozqjzgR5LlSDyvJ8fbVajFtTr9Gsout:B8lL+06jm0ijkLlu5CvJoS

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4600	msprxysvc32.exe

Executes dropped EXE 1 IoCs

pid	Process
4600	msprxysvc32.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msprxysvc32.exe	998c63e4654f5b4dec97f908d5b66876.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	998c63e4654f5b4dec97f908d5b66876.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe
File created	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 4600	880	998c63e4654f5b4dec97f908d5b66876.exe	85
PID 880 wrote to memory of 4600	880	998c63e4654f5b4dec97f908d5b66876.exe	85
PID 880 wrote to memory of 4600	880	998c63e4654f5b4dec97f908d5b66876.exe	85
PID 4600 wrote to memory of 1236	4600	msprxysvc32.exe	93
PID 4600 wrote to memory of 1236	4600	msprxysvc32.exe	93
PID 4600 wrote to memory of 1236	4600	msprxysvc32.exe	93

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
136B

MD5
bfcf9cc6d1c37953dfa43312e2c36140

SHA1
07a4c0f29b282c34be24c312c4b920e479f4cee0

SHA256
bac7cce52aeba3a2e2ce2bb6aebf50ffa65530d0d51ca49a2abc7f4e43ce3ce5

SHA512
fb661474557e7168d4050607863b57649fa12a26ab9bd06078ae3254d003d76cfed4eac3d0a78a56eaf0ecc5b231d52788b6c8688cb14b0c86a37efe90f5f53a

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
998c63e4654f5b4dec97f908d5b66876

SHA1
18aee570559638e94a7421d1bf175ca6bf4dd996

SHA256
4ff4311062479a636e32f2609b0e394ee72a41063e7183c78434ef8542a4f1f7

SHA512
788180e747a895229beffc84f20d34ee71131e059a05b75192957390870d2bb24a8be11f1a4ebf7e671341046e99da820dba766ede320f8b71c8d2b7b59a9ab2

Download Submit
memory/880-0-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/880-8-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4600-7-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4600-9-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4600-11-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download