6af2a7fa13ac2d62f579e841d8c6d91dd9ccaaaa4163627a33d352eccaf719c5

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 15:28

Target

c638a1882207e93bf0e0a3bd1a032ea9.exe
Size

756KB
MD5

c638a1882207e93bf0e0a3bd1a032ea9
SHA1

6335d42a21e4c16a16b0304f5ad4a88cc1e120df
SHA256

6af2a7fa13ac2d62f579e841d8c6d91dd9ccaaaa4163627a33d352eccaf719c5
SHA512

12213e5c9ea344df0840a7e3a6a484514aa584be801f7b77ced2e73aab7f8baf4c9fa7c23bb2085cc9e41cabc9f8d0fdf821dad4963213c73e57b3b2290670a8
SSDEEP

12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJLDl164NkCadqvgnZ4zTOAOYSfieFXQCHq:7zXKqa8SEijjC+37li4daoInr1YSfi6K

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2172	hhyufvmm.exe

Loads dropped DLL 1 IoCs

pid	Process
1768	c638a1882207e93bf0e0a3bd1a032ea9.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wdmhthp\hhyufvmm.exe	c638a1882207e93bf0e0a3bd1a032ea9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 2172	1768	c638a1882207e93bf0e0a3bd1a032ea9.exe	28
PID 1768 wrote to memory of 2172	1768	c638a1882207e93bf0e0a3bd1a032ea9.exe	28
PID 1768 wrote to memory of 2172	1768	c638a1882207e93bf0e0a3bd1a032ea9.exe	28
PID 1768 wrote to memory of 2172	1768	c638a1882207e93bf0e0a3bd1a032ea9.exe	28

C:\Users\Admin\AppData\Local\Temp\c638a1882207e93bf0e0a3bd1a032ea9.exe
"C:\Users\Admin\AppData\Local\Temp\c638a1882207e93bf0e0a3bd1a032ea9.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files (x86)\wdmhthp\hhyufvmm.exe
  "C:\Program Files (x86)\wdmhthp\hhyufvmm.exe"
  2⤵
  - Executes dropped EXE
  PID:2172

\Program Files (x86)\wdmhthp\hhyufvmm.exe

Filesize
781KB

MD5
5a43291d86cfee44009e5a8803946659

SHA1
8fba1d647ffac933919e540495be6b6313abb30d

SHA256
12ae9a36bc921dcbfa0418546b77e8e27c2b3ff3dcbc10950aee74e46d719a2d

SHA512
cd2c4b6487552990988c5decb37dfe29cbf95787ce126325709e817135d1e33e79735f03687b1e931865890b1b609b8aa72476b676a49f3762a1e6dfb1b303d9

Download Submit
memory/1768-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1768-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1768-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1768-6-0x00000000007F0000-0x0000000000884000-memory.dmp

Filesize
592KB

Download
memory/2172-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2172-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2172-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download