60b6e52bee9cbcdd78b4a14ecb4eeaacc06cf240c13f4048784d7005381aad12

Analysis

max time kernel
147s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 22:11

Target

a0770cd6ce00085fd442ec5afcf194fc.exe
Size

407KB
MD5

a0770cd6ce00085fd442ec5afcf194fc
SHA1

3bb0493abcaad0978abae7ebc1652cc1c03120ac
SHA256

60b6e52bee9cbcdd78b4a14ecb4eeaacc06cf240c13f4048784d7005381aad12
SHA512

87a54656fec1913af04aca82b5d41bcc8b68913463ade2ebfd26382080b6537096af90311a2da0f4e9d41f4688dfeb2fc1ee79a87dd709f0cf8bbfbb7e87e86d
SSDEEP

6144:MTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh36rSLL64j7W4+yQrOx5Yszv8QnqZne:MLry/neyx7f/A64j7P+tixhT87ne

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3180	cl.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ewuialzk\cl.exe	a0770cd6ce00085fd442ec5afcf194fc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3232 wrote to memory of 3180	3232	a0770cd6ce00085fd442ec5afcf194fc.exe	87
PID 3232 wrote to memory of 3180	3232	a0770cd6ce00085fd442ec5afcf194fc.exe	87
PID 3232 wrote to memory of 3180	3232	a0770cd6ce00085fd442ec5afcf194fc.exe	87

C:\Users\Admin\AppData\Local\Temp\a0770cd6ce00085fd442ec5afcf194fc.exe
"C:\Users\Admin\AppData\Local\Temp\a0770cd6ce00085fd442ec5afcf194fc.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3232
- C:\Program Files (x86)\ewuialzk\cl.exe
  "C:\Program Files (x86)\ewuialzk\cl.exe"
  2⤵
  - Executes dropped EXE
  PID:3180

C:\Program Files (x86)\ewuialzk\cl.exe

Filesize
415KB

MD5
8e902f3994e321561384b0b6d0974236

SHA1
b185efc18c9c0364d6f554576d28d7eafa84a6b3

SHA256
1a71a7a9833a25508433b4dd6580d29c426ad976f8e5b728e6057157e6dc3e3d

SHA512
e7312125d7d8a440498bf106b4f95599b033589ce99bc7210319fc166a4e1355364de6bd2239c6806c12dd265b7f041b8926530edcc686a06b26e0399911ebb0

Download Submit
memory/3180-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3180-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3180-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3232-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3232-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3232-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download