617c818404ac03423602a9713ac1d47b708533a791d2b7a68d5b1708fee4b3cc

Analysis

max time kernel
89s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 06:31

Target

cab6d52bb0b45770c7f533cec8c05612.exe
Size

439KB
MD5

cab6d52bb0b45770c7f533cec8c05612
SHA1

395020d861825230600e94119f6b4950369a0025
SHA256

617c818404ac03423602a9713ac1d47b708533a791d2b7a68d5b1708fee4b3cc
SHA512

cc4f1aaebdb9c56b80edddbc12b6487aabc55e0583649d0f16916c624a850754a7fc1fc636e19d35436f384707d19cc7af658c0ba287843ee7d8d9f8cb717851
SSDEEP

6144:MTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh36rSLL64j7W4+yQrOx5Yszv8Qnc8wsAA:MLry/neyx7f/A64j7P+tixhT8nWfUm

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3776	vekwmcoyyuqc.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\jybwmeso\vekwmcoyyuqc.exe	cab6d52bb0b45770c7f533cec8c05612.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 3776	1368	cab6d52bb0b45770c7f533cec8c05612.exe	88
PID 1368 wrote to memory of 3776	1368	cab6d52bb0b45770c7f533cec8c05612.exe	88
PID 1368 wrote to memory of 3776	1368	cab6d52bb0b45770c7f533cec8c05612.exe	88

C:\Users\Admin\AppData\Local\Temp\cab6d52bb0b45770c7f533cec8c05612.exe
"C:\Users\Admin\AppData\Local\Temp\cab6d52bb0b45770c7f533cec8c05612.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\jybwmeso\vekwmcoyyuqc.exe
  "C:\Program Files (x86)\jybwmeso\vekwmcoyyuqc.exe"
  2⤵
  - Executes dropped EXE
  PID:3776

C:\Program Files (x86)\jybwmeso\vekwmcoyyuqc.exe

Filesize
451KB

MD5
938cf42d177c8e31312bca4556397227

SHA1
787c6742ee88206592a766afa83f8a346d670cbe

SHA256
001ac0a271737f9ed772d190fa6c9f574697e5d1b747945f7cdab9502b623b6d

SHA512
fda98be8ad0ec21bfc71bca556a8d4e34203a00c45c2efba7d91fa7127dae69721642db493fa2d8000935135deee7bd5a77db850b7c10a9205ab8cab04bcdab1

Download Submit
memory/1368-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1368-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1368-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3776-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3776-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download