f99b99f39f2286d322083c140dfdcb0c3aed581c90ed74be9127ea8889e226f7

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 17:11

Target

cbf6e50691e62c46a1e0a6e92c7c038e.exe
Size

814KB
MD5

cbf6e50691e62c46a1e0a6e92c7c038e
SHA1

982a8d75e0223c96ea80c4eb24944b93cbdc856f
SHA256

f99b99f39f2286d322083c140dfdcb0c3aed581c90ed74be9127ea8889e226f7
SHA512

bc006a039a006013f0b62641411952cd33fd75b9a407726e5ab6dfea29580bb6f7b1e5e9feb2f6ddaf19f6ba2f9d5ed1bd61e9ed16fcec85f03c3052d6df2997
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVY+wu+o6fT/6j21fmmRL4uKS/:qKeyxTAJj7P+yW6mc1YCwuv6WK9

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
768	p.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wifjxqj\p.exe	cbf6e50691e62c46a1e0a6e92c7c038e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 768	2024	cbf6e50691e62c46a1e0a6e92c7c038e.exe	90
PID 2024 wrote to memory of 768	2024	cbf6e50691e62c46a1e0a6e92c7c038e.exe	90
PID 2024 wrote to memory of 768	2024	cbf6e50691e62c46a1e0a6e92c7c038e.exe	90

C:\Users\Admin\AppData\Local\Temp\cbf6e50691e62c46a1e0a6e92c7c038e.exe
"C:\Users\Admin\AppData\Local\Temp\cbf6e50691e62c46a1e0a6e92c7c038e.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\wifjxqj\p.exe
  "C:\Program Files (x86)\wifjxqj\p.exe"
  2⤵
  - Executes dropped EXE
  PID:768

C:\Program Files (x86)\wifjxqj\p.exe

Filesize
834KB

MD5
c8a0ac30b3f1be8ae6fc3e51e7b7cee4

SHA1
8270f63f60c1cba8e546975d0f490cbf5b83af3e

SHA256
d63e1a1afd3c45f69a0d1fe08218a6e5dd6cc23e5a1123ab5aeb1972e8f72d5e

SHA512
1a09b06eb5ec2ba6945559a096d33c60d6f3dd1d7c99bb0582475b7ba398992d59f5281d8d5960fbd25e37851b9f3097a0d0e8a4b8a6aa2ada2acab47e3b71c0

Download Submit
memory/768-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/768-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/768-9-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2024-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2024-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2024-5-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download