f0643d514d2a4dfdae58a8640af0adb2148ce7b34a9c40ff7663bb1cb7e7597b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 03:22

Target

aae04f4409f006599b0964ad0811a415.exe
Size

345KB
MD5

aae04f4409f006599b0964ad0811a415
SHA1

0b18f297e064c08f94b8f5a4c9ad49ca89175f66
SHA256

f0643d514d2a4dfdae58a8640af0adb2148ce7b34a9c40ff7663bb1cb7e7597b
SHA512

c9b03e48a5e7096f2f9137df2e88a32e67fb542358e454f701ee934c43fd184f5180f0b5aaeea92207542c374a1131bdbefe9adaeeb8f080e0e344088cb1a1e4
SSDEEP

6144:mGw16Sz8DRXgVPqEHoq6NoEiDFO4PbjDGF+MmnJnz2MvVi6pLHDGTWvd:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJD

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1620	orthb.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\jfgfn\orthb.exe	aae04f4409f006599b0964ad0811a415.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 1620	1684	aae04f4409f006599b0964ad0811a415.exe	89
PID 1684 wrote to memory of 1620	1684	aae04f4409f006599b0964ad0811a415.exe	89
PID 1684 wrote to memory of 1620	1684	aae04f4409f006599b0964ad0811a415.exe	89

C:\Users\Admin\AppData\Local\Temp\aae04f4409f006599b0964ad0811a415.exe
"C:\Users\Admin\AppData\Local\Temp\aae04f4409f006599b0964ad0811a415.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Program Files (x86)\jfgfn\orthb.exe
  "C:\Program Files (x86)\jfgfn\orthb.exe"
  2⤵
  - Executes dropped EXE
  PID:1620

C:\Program Files (x86)\jfgfn\orthb.exe

Filesize
355KB

MD5
33363f25d65d0ef3dfb9fce070396303

SHA1
ec0452970cc5e197f0abd2b4a5fda98dec58721d

SHA256
5a5edb6b8a8d43380a40aa707c2fe82754b565671aafdf2d511672411ee60c25

SHA512
15242881f228f21fd3c96df95dcfb14b7b2999f7ef9a22bd969e1db452295a6598be642c7e77e85eedd21cfbbf10cca419ff38ca501f7bafacb34f0ad8be7d32

Download Submit
memory/1620-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1620-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1684-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1684-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1684-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download