14189f5f8a15e6c8628a77cc620abe1d32084821ad842093cab5a468e0a85354

Analysis

max time kernel
97s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 02:32

Target

4f4eb4bfd489ca86eb035daa10143ad0N.exe
Size

71KB
MD5

4f4eb4bfd489ca86eb035daa10143ad0
SHA1

2ae74fd790d0af4416b33c31926e5da201d822f2
SHA256

14189f5f8a15e6c8628a77cc620abe1d32084821ad842093cab5a468e0a85354
SHA512

ee1b031d7845a7e16f813f555462c4682b757f67fae1e03df7b6629d5f3074a7daefd70e9235f6a4c48a2ba146f9a1739efd6b72b819e56874eee4baca2b85b2
SSDEEP

1536:149S940hfcXdb8hnrBNf7IdWBeKzKLUHun+zmIGATz:r940hNVBIdWBjUDA3

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2032	rnoodat.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rnoodat.exe	4f4eb4bfd489ca86eb035daa10143ad0N.exe
File created	C:\Windows\SysWOW64\rnoodat.exe	4f4eb4bfd489ca86eb035daa10143ad0N.exe

C:\Users\Admin\AppData\Local\Temp\4f4eb4bfd489ca86eb035daa10143ad0N.exe
"C:\Users\Admin\AppData\Local\Temp\4f4eb4bfd489ca86eb035daa10143ad0N.exe"
1⤵
- Drops file in System32 directory
PID:3720
- C:\Windows\SysWOW64\rnoodat.exe
  "C:\Windows\system32\rnoodat.exe"
  2⤵
  - Executes dropped EXE
  PID:2032

C:\Windows\SysWOW64\rnoodat.exe

Filesize
67KB

MD5
523a87c15a43c469d1d4448488477e69

SHA1
6dfb9f5e1f013dbf07600078519318053b60a3de

SHA256
4c40cb9b322387b1531a1d163b722fca363736ebc87c0d38c43eae3cb99379bf

SHA512
df487895a7e290b831c08a560a502942ce7eb9b10d0de6e1299ee466b87e54fa3ff0152989569c9cf36c794b2af7e796a7799843a558936f553b9b93b6169043

Download Submit
memory/3720-1-0x0000000077362000-0x0000000077363000-memory.dmp

Filesize
4KB

Download
memory/3720-4-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download