e47a771775138fbac8b6c8794b5b2a6a1900659c1072ed099acfeaf65a433c38

Analysis

max time kernel
142s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 16:42

Target

219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d.exe
Size

13KB
MD5

24b227d27dba98717db7d680ecaa7df9
SHA1

6d95076d44259a20ffaa5521c14e26ea833b5688
SHA256

219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d
SHA512

8d7dd227e69d8e1f25741285459c3989ca00c5d4f4b4eef2fcf3d252f71c077facc42d0fe1bd54fd3971955f1fc4d8595f485f5bfffeb58dc5975b6e5066f876
SSDEEP

192:6kWjQTlZ1eB+pvdNtj2+SPwHP+Q/ZCv2qwvuCKK76n9bJHOkrUN8:6kjTlZ02NtvSKP+cZC+qwZPGn9bJrUN

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\wow64.job	219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d.exe
File opened for modification	C:\Windows\Tasks\wow64.job	219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 592 wrote to memory of 1268	592	taskeng.exe	29
PID 592 wrote to memory of 1268	592	taskeng.exe	29
PID 592 wrote to memory of 1268	592	taskeng.exe	29
PID 592 wrote to memory of 1268	592	taskeng.exe	29

C:\Users\Admin\AppData\Local\Temp\219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d.exe
"C:\Users\Admin\AppData\Local\Temp\219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d.exe"
1⤵
- Drops file in Windows directory
PID:3048

C:\Windows\system32\taskeng.exe
taskeng.exe {A8B50A7A-0566-4D5E-BD2A-4A73363A13A8} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:592
- C:\Users\Admin\AppData\Local\Temp\219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d.exe
  C:\Users\Admin\AppData\Local\Temp\219190b435ebca649e2396ab03a38e68d034ae619367caabbba7cad3c4a4777d.exe start
  2⤵
  PID:1268