68a860eb55fefce940e5340f7bbf6163bd25a52843a14d066a7ab0f647132e3b

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 03:46

Target

bfc2ff8fc46d561ea35a79dfc4bc671f.exe
Size

726KB
MD5

bfc2ff8fc46d561ea35a79dfc4bc671f
SHA1

4266d0dad3e409732e18600cbb6d174ebd0a27ba
SHA256

68a860eb55fefce940e5340f7bbf6163bd25a52843a14d066a7ab0f647132e3b
SHA512

0af339ccbe6ce3fd0000679a9d411e2d31b6845feef904c91a60032b3df936b948915f3e7c01ba4540bd9959ac5653b57065f7bc463ff07ca64f7e7573b48138
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhWto9+PlHhXyd/kCQTswG6iEJ/5mBoDHk4/9H:qKeyxTAJj7P+yeo9yBXy/kFTswGNEJkC

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1728	gpskqiuhpk.exe

Loads dropped DLL 1 IoCs

pid	Process
2156	bfc2ff8fc46d561ea35a79dfc4bc671f.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\algjorzqf\gpskqiuhpk.exe	bfc2ff8fc46d561ea35a79dfc4bc671f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1728	2156	bfc2ff8fc46d561ea35a79dfc4bc671f.exe	28
PID 2156 wrote to memory of 1728	2156	bfc2ff8fc46d561ea35a79dfc4bc671f.exe	28
PID 2156 wrote to memory of 1728	2156	bfc2ff8fc46d561ea35a79dfc4bc671f.exe	28
PID 2156 wrote to memory of 1728	2156	bfc2ff8fc46d561ea35a79dfc4bc671f.exe	28

C:\Users\Admin\AppData\Local\Temp\bfc2ff8fc46d561ea35a79dfc4bc671f.exe
"C:\Users\Admin\AppData\Local\Temp\bfc2ff8fc46d561ea35a79dfc4bc671f.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\algjorzqf\gpskqiuhpk.exe
  "C:\Program Files (x86)\algjorzqf\gpskqiuhpk.exe"
  2⤵
  - Executes dropped EXE
  PID:1728

\Program Files (x86)\algjorzqf\gpskqiuhpk.exe

Filesize
753KB

MD5
7c2912c6cdb0e9fc7464788c9d4e340c

SHA1
c765806bde71d8e6b3fcfbcf2af9ed02d9a4878f

SHA256
04390339f373b54a586e7159754fc062fe0ed2250601651f91c32bfab20f1803

SHA512
1d220d128c0f68633a2b31a32284e77e37025af3385fec75b07bb53fae037cc724bb459a9beb5be647fc83e8d5b6d458af86daaba504664cd894610da100d728

Download Submit
memory/1728-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1728-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2156-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2156-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2156-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2156-5-0x0000000000630000-0x00000000006C4000-memory.dmp

Filesize
592KB

Download