45ab57fb5fa51c53f20114440df99fc37c621080b5c9034bc9c14c4ca0d65c0e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 13:48

Target

de27fcffc0f4a7dff7a2ce6947b573f6.exe
Size

12KB
MD5

de27fcffc0f4a7dff7a2ce6947b573f6
SHA1

7652b9f3d9631a9d61d01f12150fcc75e56e448d
SHA256

45ab57fb5fa51c53f20114440df99fc37c621080b5c9034bc9c14c4ca0d65c0e
SHA512

0da1a8295609224264859023b1f10bb706d6ae4b5013591c07faf56041e4737fd1056845542b7e8f8aa1dde1fa5c6bebcdb51b9bee6ca5360d07494dc20848c1
SSDEEP

192:O2NX6YoYV+qORFgjGHdx6Pvam5ts7OXyO62Qrbti8J2Z86eLTIkePxRM:PohThHePvVLyD2MJ6e4keP

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2172	ae.exe

Executes dropped EXE 2 IoCs

pid	Process
2172	ae.exe
2696	ae.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ae.exe	de27fcffc0f4a7dff7a2ce6947b573f6.exe
File created	C:\Windows\ae.exe	de27fcffc0f4a7dff7a2ce6947b573f6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2696	2172	ae.exe	94
PID 2172 wrote to memory of 2696	2172	ae.exe	94
PID 2172 wrote to memory of 2696	2172	ae.exe	94

C:\Users\Admin\AppData\Local\Temp\de27fcffc0f4a7dff7a2ce6947b573f6.exe
"C:\Users\Admin\AppData\Local\Temp\de27fcffc0f4a7dff7a2ce6947b573f6.exe"
1⤵
- Drops file in Windows directory
PID:828

C:\Windows\ae.exe
C:\Windows\ae.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\ae.exe
  C:\Windows\ae.exe
  2⤵
  - Executes dropped EXE
  PID:2696

C:\T.ini

Filesize
79B

MD5
e987308ecf56fcca87b8a532bee89dae

SHA1
3edee95c41e935015f5b17284484a57ee8b74e15

SHA256
3d22f9b42665f109aaddf098f9c5cf692f6b49288d0f448069c98a66d2d7c7e9

SHA512
389c3df9848fb85681ed9309ef35b46b1eaa62a0872e06b607508e37011b65fe4a6777e540d8f832657d8af7ce323654dde3cdd1fd7db5943f90405c7dd0e226

Download Submit
C:\Windows\ae.exe

Filesize
9KB

MD5
8386aa9b4138c51ac4154796baed3c5e

SHA1
02d23244b2d376a64e390520fb430ced73854afa

SHA256
3e23627eb12529ef27332c5600a1a45a241f558d0c40b69324a74bb081b283d9

SHA512
169712ea7df7139da5a5f9552d3e3ba68a698598f1f7362c7ff894c758864e76fe2a86980b29de502d266b6e127b98d308417d63745830ca6cf084ef70affb54

Download Submit
memory/828-4-0x0000000000400000-0x0000000000403080-memory.dmp

Filesize
12KB

Download
memory/2172-7-0x0000000000400000-0x0000000000402700-memory.dmp

Filesize
9KB

Download
memory/2696-8-0x0000000000400000-0x0000000000402700-memory.dmp

Filesize
9KB

Download