3db011d89be5a9fb6ba7c29ea39061c3ba9c20ce15d17a89b2ef4a3ab7b7f955

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 11:33

Target

b49a7d2c02715c7b0b311e5a23586d56.exe
Size

966KB
MD5

b49a7d2c02715c7b0b311e5a23586d56
SHA1

5ccea79aac5438fa0dec8f5b71cce95f21b4edd1
SHA256

3db011d89be5a9fb6ba7c29ea39061c3ba9c20ce15d17a89b2ef4a3ab7b7f955
SHA512

c224c4a945d598a20df3c5f64df7833f454ee7ae12894820125249386659a2a5be6452b47c89cf6793ddf599b51e432e496201e5ee5065b5be9817e657f671db
SSDEEP

24576:7zXKqa8SEijjC+37u9BEqxt5VUsftMQtadUj/DaHsNL:7z6qaakjC+3aNxJU2XtadsuGL

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
736	sgblurosgbin.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\bukxqf\sgblurosgbin.exe	b49a7d2c02715c7b0b311e5a23586d56.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 736	1556	b49a7d2c02715c7b0b311e5a23586d56.exe	88
PID 1556 wrote to memory of 736	1556	b49a7d2c02715c7b0b311e5a23586d56.exe	88
PID 1556 wrote to memory of 736	1556	b49a7d2c02715c7b0b311e5a23586d56.exe	88

C:\Users\Admin\AppData\Local\Temp\b49a7d2c02715c7b0b311e5a23586d56.exe
"C:\Users\Admin\AppData\Local\Temp\b49a7d2c02715c7b0b311e5a23586d56.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Program Files (x86)\bukxqf\sgblurosgbin.exe
  "C:\Program Files (x86)\bukxqf\sgblurosgbin.exe"
  2⤵
  - Executes dropped EXE
  PID:736

C:\Program Files (x86)\bukxqf\sgblurosgbin.exe

Filesize
976KB

MD5
d0888fedbbf4c6df0f61d2abdb426d4e

SHA1
50757f4585c251866bca1424704ca8b41cfcb398

SHA256
c4f4da734a76e2236745d7c612660172d7875206e8666737e4f5a3ba7f905cd8

SHA512
c4f2d5e1349a52f6bd3c63a10e54508afd6fd9db43170ef4cd77ba815cd9bf0203e2d094345ebc2d69ebbfa3286795072c4c25e03a7777dee74c1ca4fd84f432

Download Submit
memory/736-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/736-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1556-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1556-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1556-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download