16dcd002b4c8872bafd2151f92f550bcc2f49350370906ee3bc85fde351e0f2b

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 06:09

Target

a124029e8318be23855a1868458d6380.exe
Size

100KB
MD5

a124029e8318be23855a1868458d6380
SHA1

765aa0c0ae575ba63eea2a43340b2ff5b92950ad
SHA256

16dcd002b4c8872bafd2151f92f550bcc2f49350370906ee3bc85fde351e0f2b
SHA512

e147a0bc2651bc32f665103d73413787e88df7aa0e5d9fcbfc48e3ffcbe2df3a59d1975dcfa25ec84c8100a7f97c96fe03e3ae02d6b4276eb04d3953e6092da9
SSDEEP

1536:2UTIOW/eGheFMyLo7EucDah6XpPF0PlXl0ShW/MW+EA310JD:2EIHhcMyLojIYPP0Dn+EA310JD

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4284	WAIIMS.EXE

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\SysWOW64\WAIIMS.EXE	a124029e8318be23855a1868458d6380.exe
File created	C:\WINDOWS\SysWOW64\WAIIMS.EXE	WAIIMS.EXE
File created	C:\WINDOWS\SysWOW64\WAIIMS.EXE	a124029e8318be23855a1868458d6380.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 4284	1132	a124029e8318be23855a1868458d6380.exe	85
PID 1132 wrote to memory of 4284	1132	a124029e8318be23855a1868458d6380.exe	85
PID 1132 wrote to memory of 4284	1132	a124029e8318be23855a1868458d6380.exe	85

C:\Windows\SysWOW64\WAIIMS.EXE

Filesize
100KB

MD5
a124029e8318be23855a1868458d6380

SHA1
765aa0c0ae575ba63eea2a43340b2ff5b92950ad

SHA256
16dcd002b4c8872bafd2151f92f550bcc2f49350370906ee3bc85fde351e0f2b

SHA512
e147a0bc2651bc32f665103d73413787e88df7aa0e5d9fcbfc48e3ffcbe2df3a59d1975dcfa25ec84c8100a7f97c96fe03e3ae02d6b4276eb04d3953e6092da9

Download Submit