68a860eb55fefce940e5340f7bbf6163bd25a52843a14d066a7ab0f647132e3b

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 03:46

Target

bfc2ff8fc46d561ea35a79dfc4bc671f.exe
Size

726KB
MD5

bfc2ff8fc46d561ea35a79dfc4bc671f
SHA1

4266d0dad3e409732e18600cbb6d174ebd0a27ba
SHA256

68a860eb55fefce940e5340f7bbf6163bd25a52843a14d066a7ab0f647132e3b
SHA512

0af339ccbe6ce3fd0000679a9d411e2d31b6845feef904c91a60032b3df936b948915f3e7c01ba4540bd9959ac5653b57065f7bc463ff07ca64f7e7573b48138
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhWto9+PlHhXyd/kCQTswG6iEJ/5mBoDHk4/9H:qKeyxTAJj7P+yeo9yBXy/kFTswGNEJkC

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1696	hye.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\yervibxw\hye.exe	bfc2ff8fc46d561ea35a79dfc4bc671f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 1696	1556	bfc2ff8fc46d561ea35a79dfc4bc671f.exe	98
PID 1556 wrote to memory of 1696	1556	bfc2ff8fc46d561ea35a79dfc4bc671f.exe	98
PID 1556 wrote to memory of 1696	1556	bfc2ff8fc46d561ea35a79dfc4bc671f.exe	98

C:\Users\Admin\AppData\Local\Temp\bfc2ff8fc46d561ea35a79dfc4bc671f.exe
"C:\Users\Admin\AppData\Local\Temp\bfc2ff8fc46d561ea35a79dfc4bc671f.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Program Files (x86)\yervibxw\hye.exe
  "C:\Program Files (x86)\yervibxw\hye.exe"
  2⤵
  - Executes dropped EXE
  PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:4804

C:\Program Files (x86)\yervibxw\hye.exe

Filesize
187KB

MD5
6372bb9c9028f666d043414828a5bedb

SHA1
b7c284feddef744799b7e5ef9081d84b9cf9fc44

SHA256
7a9e83c69af4665ae1f421163323b1753d85e9773897ebe56616340cab5dfe85

SHA512
2ed0a3e936698d9b1463c7fd29481a413310f7ac6661b0c4ef4620d36aa8e2dd64fa432275d6927ba2b883c3b78e6e3311c71a4ce8c5d0d22493c8bd939c61c4

Download Submit
C:\Program Files (x86)\yervibxw\hye.exe

Filesize
745KB

MD5
9ea46d6927494a3bfd08808ec904595d

SHA1
223335766496189b099c98175015a0b29ac5289e

SHA256
0c300152bd8563e6d66fe04d6271a52f4b0d2fe9f02ef835fb85e21419d1e5c3

SHA512
4f81b8bb3f3111f1c568ce96fc9947e1c1a97be58d5bc4f85db1cb8ef409ea90de35208af8954743a1e94cc947b9d87a811271c12a10575592271e3ed122d35b

Download Submit
memory/1556-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1556-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1556-2-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1556-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1696-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1696-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download