45b63e1696286da25adc59a253be185d086cde2d9ec17c9fccee83ae400de55a

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 12:16

Target

b8b62dc902e8b2ed17b2145592064d60.exe
Size

1.0MB
MD5

b8b62dc902e8b2ed17b2145592064d60
SHA1

39e7194f1fd9e6cb2539345d5981bcb1ec55c5b4
SHA256

45b63e1696286da25adc59a253be185d086cde2d9ec17c9fccee83ae400de55a
SHA512

e06d9b2f449cc418cf5aa01975322c2025b474550faee478387b95b3dfc4124e800f689a9839dc0af3af7b85c19c3157eb2c4fb81930ed0fefbdf33fb5b17caf
SSDEEP

24576:7zXKqa8SEijjC+37liXbLbklmfB6/tbQdSmKBQXe:7z6qaakjC+3srLAKB61bQd3KaXe

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4480	jiaubfmjh.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\omufzk\jiaubfmjh.exe	b8b62dc902e8b2ed17b2145592064d60.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 4480	4708	b8b62dc902e8b2ed17b2145592064d60.exe	98
PID 4708 wrote to memory of 4480	4708	b8b62dc902e8b2ed17b2145592064d60.exe	98
PID 4708 wrote to memory of 4480	4708	b8b62dc902e8b2ed17b2145592064d60.exe	98

C:\Users\Admin\AppData\Local\Temp\b8b62dc902e8b2ed17b2145592064d60.exe
"C:\Users\Admin\AppData\Local\Temp\b8b62dc902e8b2ed17b2145592064d60.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files (x86)\omufzk\jiaubfmjh.exe
  "C:\Program Files (x86)\omufzk\jiaubfmjh.exe"
  2⤵
  - Executes dropped EXE
  PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3708 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:2788

C:\Program Files (x86)\omufzk\jiaubfmjh.exe

Filesize
1.0MB

MD5
0e845927876ae97e1d7636620f104617

SHA1
db87880123c4888a4c699e2afd9250f9872a0420

SHA256
51f937752770579927b362b3baaf4302fa0d6bdb7350e4d77721ea3fdd4530c5

SHA512
0bc8dfc7e70b50ddeb0bb7d730b55ade9db933195a9af9c002764cebcf1ecc0a4439883ae811045329e6e918e03462ffec2964ae84feea53ea2f4c6bb5725b8b

Download Submit
memory/4480-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4480-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4708-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4708-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4708-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download