146290c699f73aa36ae59672669f371c3d067cc631f6ce8646fde3022f48d6ea

Analysis

max time kernel
96s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 06:03

Target

146290c699f73aa36ae59672669f371c3d067cc631f6ce8646fde3022f48d6ea.exe
Size

72KB
MD5

8170427ff06dee58109f4ed3bffbaef0
SHA1

da3a9e56e8945f76a643b0bc1de5daa8c05d6455
SHA256

146290c699f73aa36ae59672669f371c3d067cc631f6ce8646fde3022f48d6ea
SHA512

29bbaaa3baa67004f705138950fd5cab7ba164cb891a9932cb573beea1ed5e16e3f559942f990878a9f7835fd3cf64dff355f221d4c4b7a2e91a9d8608465455
SSDEEP

1536:6rp5TXnOzlJ62Dp76vRFzUrTgZQoPigyGcG995sNI:05bnQ8dUrTA97

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
5096	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 4920	4840	146290c699f73aa36ae59672669f371c3d067cc631f6ce8646fde3022f48d6ea.exe	85
PID 4840 wrote to memory of 4920	4840	146290c699f73aa36ae59672669f371c3d067cc631f6ce8646fde3022f48d6ea.exe	85
PID 4840 wrote to memory of 4920	4840	146290c699f73aa36ae59672669f371c3d067cc631f6ce8646fde3022f48d6ea.exe	85
PID 4920 wrote to memory of 5096	4920	cmd.exe	86
PID 4920 wrote to memory of 5096	4920	cmd.exe	86
PID 4920 wrote to memory of 5096	4920	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\146290c699f73aa36ae59672669f371c3d067cc631f6ce8646fde3022f48d6ea.exe
"C:\Users\Admin\AppData\Local\Temp\146290c699f73aa36ae59672669f371c3d067cc631f6ce8646fde3022f48d6ea.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4920
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:5096

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
72KB

MD5
e6bdd25d7fafa0ca8b199cb6987374c6

SHA1
6de2a89ece76f459bbc12e0e76a8fa0e226f8d04

SHA256
89d821d8aa962dbb2848fd2115863b1e1a00fa1bb81da232e3708bafdfd1ff3d

SHA512
8f938798d0950212d90cb3a5721abd925b7ff36d55d7fd15c117fdd049f39c6b395a66d6af57f49355462953a1184506b7ecb8883b47b88909493a01a6992e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
72KB

MD5
e6bdd25d7fafa0ca8b199cb6987374c6

SHA1
6de2a89ece76f459bbc12e0e76a8fa0e226f8d04

SHA256
89d821d8aa962dbb2848fd2115863b1e1a00fa1bb81da232e3708bafdfd1ff3d

SHA512
8f938798d0950212d90cb3a5721abd925b7ff36d55d7fd15c117fdd049f39c6b395a66d6af57f49355462953a1184506b7ecb8883b47b88909493a01a6992e25

Download Submit
memory/4920-132-0x0000000000000000-mapping.dmp

Download
memory/5096-133-0x0000000000000000-mapping.dmp

Download