d8011637aeba8ab4526d15d09f845de4651d224afcc8997703d5f029fc32cfc2

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 21:33

Target

b5b641aac40506151c3793ad7d14055d.exe
Size

847KB
MD5

b5b641aac40506151c3793ad7d14055d
SHA1

eaf330160a0dc7970d36e6d017a7483b43a89606
SHA256

d8011637aeba8ab4526d15d09f845de4651d224afcc8997703d5f029fc32cfc2
SHA512

85e519b882aae7285d7a9cd31321af8133b5db916a6c10f8f4259152cf644179ca3c1c4529c2801d792d9cc2fcd1a94cf3c239ac742144d9234e2dd852d9c2f1
SSDEEP

24576:7zXKqa8SEijjC+37liXbLbklmfB6bEDPGyBL7AF:7z6qaakjC+3srLAKB6bEZBL7C

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2964	qfiqiic.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ovubsu\qfiqiic.exe	b5b641aac40506151c3793ad7d14055d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 2964	5024	b5b641aac40506151c3793ad7d14055d.exe	88
PID 5024 wrote to memory of 2964	5024	b5b641aac40506151c3793ad7d14055d.exe	88
PID 5024 wrote to memory of 2964	5024	b5b641aac40506151c3793ad7d14055d.exe	88

C:\Users\Admin\AppData\Local\Temp\b5b641aac40506151c3793ad7d14055d.exe
"C:\Users\Admin\AppData\Local\Temp\b5b641aac40506151c3793ad7d14055d.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files (x86)\ovubsu\qfiqiic.exe
  "C:\Program Files (x86)\ovubsu\qfiqiic.exe"
  2⤵
  - Executes dropped EXE
  PID:2964

C:\Program Files (x86)\ovubsu\qfiqiic.exe

Filesize
857KB

MD5
a17fe9ea7728c0f190b96df028a712ec

SHA1
1e42cbaa1cbc57ba0420a2651cf9c0db299ac9be

SHA256
6dfa890bc2a58178701b8d2d516a6d32e91dc3eabed28970a2adef6b83e36681

SHA512
e129f77905fbc5d1a619e03a6dd6fbebd74262c3fc9cc2eaaef42a7d8bbff055b86dc852cf432d08df2733377492c4af5b78d0daf16b9f9fa63e2f48eec4c57b

Download Submit
memory/2964-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2964-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5024-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5024-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5024-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download