e692a40ce6bb31a36d3e11af1d444e251a8a3066b5919b28e6b36f4a1f99669a

Analysis

max time kernel
146s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 22:03

Target

bcea657ccf969ab7e3459d6d019f390d.exe
Size

912KB
MD5

bcea657ccf969ab7e3459d6d019f390d
SHA1

172287d475a236484c227d152a69dd5ee2ae7af5
SHA256

e692a40ce6bb31a36d3e11af1d444e251a8a3066b5919b28e6b36f4a1f99669a
SHA512

aba8ee582bd96b39298bd362995359b3d7f51ae21271865fc04520b62b80343bb5b8c6a11b9212f4dd4cc30b8fd6c17943e2e8e54604879a91b037852d3bd658
SSDEEP

24576:qKeyxTAJj7P+yjUr78DpyW6BdUxDAMZvFbcprQijnWnthRO:qKeyRA0yQP8DpyW6YxbhcrQijUbk

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4180	cq.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\jpltxir\cq.exe	bcea657ccf969ab7e3459d6d019f390d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 4180	4304	bcea657ccf969ab7e3459d6d019f390d.exe	91
PID 4304 wrote to memory of 4180	4304	bcea657ccf969ab7e3459d6d019f390d.exe	91
PID 4304 wrote to memory of 4180	4304	bcea657ccf969ab7e3459d6d019f390d.exe	91

C:\Users\Admin\AppData\Local\Temp\bcea657ccf969ab7e3459d6d019f390d.exe
"C:\Users\Admin\AppData\Local\Temp\bcea657ccf969ab7e3459d6d019f390d.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files (x86)\jpltxir\cq.exe
  "C:\Program Files (x86)\jpltxir\cq.exe"
  2⤵
  - Executes dropped EXE
  PID:4180

C:\Program Files (x86)\jpltxir\cq.exe

Filesize
926KB

MD5
381436fc7b31128faeaf165011c59123

SHA1
b882b432df93b022d50924fbad836ea3e3610233

SHA256
bac423b1e6d763b68503292a75e0d08ade41e1f09e4f02105fcee91f5d459af2

SHA512
67c8e1b760ac823d18c6277ad323f0fad41fcb2d71d60b114b213ed681e5ac82255e415efc5d5fe64970ce387607c05fb66eb7b30c1972a9cffc22bc5f2bcfe1

Download Submit
C:\Program Files (x86)\jpltxir\cq.exe

Filesize
256KB

MD5
2e17b8437cc01913bf273d6aff3afc44

SHA1
25e9084d764754e6e5fec2e7a0e0b077f8e8ee70

SHA256
5fd7dfb795b51e6a73084c4e694e154c8df2de5e73e1a6263c25b50a7f94c508

SHA512
d98d2d7c9b3232156c80b89d6113aa37696376fd7c898ca6203fe42d8e567ffb2ce9c9c3c95780afed69e1365f035a15dc4e2931096800724499459067e82d2d

Download Submit
memory/4180-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4180-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4304-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4304-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/4304-5-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download