541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219

Analysis

Target

541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe
Size

6.3MB
MD5

aa4e99b717bcb7e916148a469e69788a
SHA1

42fc554d8442a78a48dc624d3de59ae4515eed6d
SHA256

541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219
SHA512

c6127eb47a24df060e8d81f95dd3fd4d0118b6fefbd38b25e6f23ac11f4ebdd0eecb61ddd79ef0cc9c4e52cdd36e823f99d5be389141f5ac9cead1b95d33f4ca

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1260	1984	541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe	27
PID 1984 wrote to memory of 1260	1984	541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe	27
PID 1984 wrote to memory of 1260	1984	541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe	27
PID 1260 wrote to memory of 1324	1260	cmd.exe	28
PID 1260 wrote to memory of 1324	1260	cmd.exe	28
PID 1260 wrote to memory of 1324	1260	cmd.exe	28

C:\Users\Admin\AppData\Local\Temp\541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe
"C:\Users\Admin\AppData\Local\Temp\541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\system32\cmd.exe
  cmd /C "net use \\10.10.3.42\c$ 23AS32df21 /user:adm-karsair"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Windows\system32\net.exe
    net use \\10.10.3.42\c$ 23AS32df21 /user:adm-karsair
    3⤵
    PID:1324