42c767d9a6fcf327039c6e4d204a7fc536005e54b81876b4c6d7c7873d46ca1f

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 05:33

Target

baa3d85ae9ac5d21aaa38ab87b9c5bd8.exe
Size

1.0MB
MD5

baa3d85ae9ac5d21aaa38ab87b9c5bd8
SHA1

101d864536cbb3bd9632b02cbd75fa39d9b63c47
SHA256

42c767d9a6fcf327039c6e4d204a7fc536005e54b81876b4c6d7c7873d46ca1f
SHA512

4de523f9db1e4afcb017f345d90b8c685fe64d8c9c7316db02cfdb98577eae872fb8f637af59d5d4283ab118370d5fe673e7aa2e2734b4f5e507db31256a1d2c
SSDEEP

24576:7zXKqa8SEijjC+37liXbLbklmfB6/tbQdSmKeJ0xjOR:7z6qaakjC+3srLAKB61bQd3Keao

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4776	qfbgpf.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\tolpcty\qfbgpf.exe	baa3d85ae9ac5d21aaa38ab87b9c5bd8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 4776	5040	baa3d85ae9ac5d21aaa38ab87b9c5bd8.exe	97
PID 5040 wrote to memory of 4776	5040	baa3d85ae9ac5d21aaa38ab87b9c5bd8.exe	97
PID 5040 wrote to memory of 4776	5040	baa3d85ae9ac5d21aaa38ab87b9c5bd8.exe	97

C:\Users\Admin\AppData\Local\Temp\baa3d85ae9ac5d21aaa38ab87b9c5bd8.exe
"C:\Users\Admin\AppData\Local\Temp\baa3d85ae9ac5d21aaa38ab87b9c5bd8.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Program Files (x86)\tolpcty\qfbgpf.exe
  "C:\Program Files (x86)\tolpcty\qfbgpf.exe"
  2⤵
  - Executes dropped EXE
  PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:2516

C:\Program Files (x86)\tolpcty\qfbgpf.exe

Filesize
1.1MB

MD5
c9e730790431f63c97c5afe5f32b33f2

SHA1
7390c74eea636729c3f1ab0b57fae2523d28ce07

SHA256
284bc4eca4cd7be3766933b8563d69c90f32903711fc639384a4735e278ab4d3

SHA512
8e8f795fb82b94d5246d9cf7eeb1aeb0cac667345509e6ff43772c631589f71dd8aee556be7734188b760d58507e799f4751e0b94506273becacc651822c0186

Download Submit
memory/4776-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4776-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5040-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5040-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/5040-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download