a01c2ba7b2ba1efc975b5c29571f8c0add973a48f6916f58b11b64477437f8ca

Analysis

max time kernel
140s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 17:16

Target

a01c2ba7b2ba1efc975b5c29571f8c0add973a48f6916f58b11b64477437f8ca.exe
Size

16KB
MD5

a02841921653daa4599290b58a5b68b8
SHA1

245879e2faed6511d9d30b58ae54ed12abf10ef8
SHA256

a01c2ba7b2ba1efc975b5c29571f8c0add973a48f6916f58b11b64477437f8ca
SHA512

7b4f52f68fa14cbde01204146b7ca2b91376cc2b6bc71bcf94378c5ddea3c60231dca2f1ce28b50860c1f93772708b50143ddd67df37d56f43e0606da9d0c85e
SSDEEP

96:CXTacedhER/uEq8zH1gWxq2sjq+ArVkxeUIjTT8jtPtboynwEzs:8aceL8Q8ZgWbFiLUTiP1oynwx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 4640	2196	a01c2ba7b2ba1efc975b5c29571f8c0add973a48f6916f58b11b64477437f8ca.exe	81
PID 2196 wrote to memory of 4640	2196	a01c2ba7b2ba1efc975b5c29571f8c0add973a48f6916f58b11b64477437f8ca.exe	81
PID 2196 wrote to memory of 4640	2196	a01c2ba7b2ba1efc975b5c29571f8c0add973a48f6916f58b11b64477437f8ca.exe	81

C:\Users\Admin\AppData\Local\Temp\a01c2ba7b2ba1efc975b5c29571f8c0add973a48f6916f58b11b64477437f8ca.exe
"C:\Users\Admin\AppData\Local\Temp\a01c2ba7b2ba1efc975b5c29571f8c0add973a48f6916f58b11b64477437f8ca.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\\del_temp.bat
  2⤵
  PID:4640

C:\Users\Admin\AppData\Local\Temp\del_temp.bat

Filesize
246B

MD5
7e071009419999de7036d6e29ef29a6e

SHA1
546604053891280192c70edaddb62c1dbfaaa1c1

SHA256
82cc52a36dd78195964a5a6692b52d8f36b8ec8c1a25bfbb48c1affa6d039878

SHA512
282c4f537351f39324df0d1a220ded22cd0a7c1b61934bda8bd70910eb17f6e7708f1c85b6b892f23e14172ba8bb62561faaa1c5ade50d0feab88698187e8217

Download Submit