56f78cef92f465cf153a650916dcb3a2369542980703f981c8027366fd5ba76b

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 21:53

Target

56f78cef92f465cf153a650916dcb3a2369542980703f981c8027366fd5ba76b.exe
Size

73KB
MD5

32e394e6bd324e51f130edf28c17c851
SHA1

9429a047c144cd1a4195ae89f17c05baa5376f05
SHA256

56f78cef92f465cf153a650916dcb3a2369542980703f981c8027366fd5ba76b
SHA512

7841c7afca674097ecb5d31a119d46214b9adb35c9ea5f97bf4b9435c1bdf573cf65d49ef53e9ba926aa60e71fd262d24c0f89d7fc5c5d3a543e85ad5fa72760
SSDEEP

1536:1WUZP5UOEbZKaIzzRghmoJHla5jxLt5b4GCa5So:LZPDEbEehmJCa1

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
428	uchivim.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\uchivim.exe	56f78cef92f465cf153a650916dcb3a2369542980703f981c8027366fd5ba76b.exe
File created	C:\Windows\SysWOW64\uchivim.exe	56f78cef92f465cf153a650916dcb3a2369542980703f981c8027366fd5ba76b.exe

C:\Users\Admin\AppData\Local\Temp\56f78cef92f465cf153a650916dcb3a2369542980703f981c8027366fd5ba76b.exe
"C:\Users\Admin\AppData\Local\Temp\56f78cef92f465cf153a650916dcb3a2369542980703f981c8027366fd5ba76b.exe"
1⤵
- Drops file in System32 directory
PID:4364
- C:\Windows\SysWOW64\uchivim.exe
  "C:\Windows\SysWOW64\uchivim.exe"
  2⤵
  - Executes dropped EXE
  PID:428

C:\Windows\SysWOW64\uchivim.exe

Filesize
70KB

MD5
0230367d65684cd880b463b758d7bb64

SHA1
7e44d5658866378d19f938e3e64ff7972170670f

SHA256
5ff125e5cda95ebe48c63bc6cd5780b6d43be28ba603d038758d9461dc4ce36d

SHA512
e91d4ec31c336ab4ad3b2e0c811395ed5a186bc2ccee60de2dc6bd522e5a9e914988ea1f7ede40600337547314c0f169bc0d013f8bafa41f1ffec803005910bc

Download Submit
memory/4364-1-0x00000000775F2000-0x00000000775F3000-memory.dmp

Filesize
4KB

Download
memory/4364-4-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download