c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b

Analysis

max time kernel
137s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 16:59

Target

c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b.exe
Size

323KB
MD5

213b128086816d3500c8553bfc606440
SHA1

2ce44f71c77d488a498367f814887c84c29cb451
SHA256

c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b
SHA512

871a3766e5a7c8595731813edb3bd1076548094e74543e912f62ceb1574e719f85477e53b14aea4709a6ee99dc015dd590606c191c8a5587cf754dcdeebf1881
SSDEEP

1536:qQvBHZgFLJzSLWTV/y45BnD8SlNDSzvHF5OaeCCVpguN4eSe+eooOoaoCoCo0oB2:9hZgFLGS/y45BAss

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4012	DelC2E7.tmp

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\zxcv.vbs	c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b.exe
File opened for modification	C:\WINDOWS\zxcv.vbs	DelC2E7.tmp

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 3408	2248	c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b.exe	80
PID 2248 wrote to memory of 3408	2248	c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b.exe	80
PID 2248 wrote to memory of 3408	2248	c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b.exe	80
PID 2248 wrote to memory of 4012	2248	c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b.exe	81
PID 2248 wrote to memory of 4012	2248	c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b.exe	81
PID 2248 wrote to memory of 4012	2248	c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b.exe	81
PID 4012 wrote to memory of 3060	4012	DelC2E7.tmp	82
PID 4012 wrote to memory of 3060	4012	DelC2E7.tmp	82
PID 4012 wrote to memory of 3060	4012	DelC2E7.tmp	82

C:\Users\Admin\AppData\Local\Temp\DelC2E7.tmp

Filesize
323KB

MD5
213b128086816d3500c8553bfc606440

SHA1
2ce44f71c77d488a498367f814887c84c29cb451

SHA256
c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b

SHA512
871a3766e5a7c8595731813edb3bd1076548094e74543e912f62ceb1574e719f85477e53b14aea4709a6ee99dc015dd590606c191c8a5587cf754dcdeebf1881

Download Submit
C:\Users\Admin\AppData\Local\Temp\DelC2E7.tmp

Filesize
323KB

MD5
213b128086816d3500c8553bfc606440

SHA1
2ce44f71c77d488a498367f814887c84c29cb451

SHA256
c6693b4fc4e769d318125c4763b6664023c75f3d5a444ac1cf81899a8d63b28b

SHA512
871a3766e5a7c8595731813edb3bd1076548094e74543e912f62ceb1574e719f85477e53b14aea4709a6ee99dc015dd590606c191c8a5587cf754dcdeebf1881

Download Submit
C:\WINDOWS\zxcv.vbs

Filesize
266KB

MD5
e54857b4590a2097ae9c67d700aa0366

SHA1
3afeac8582f22e5af9bf8fc6bb45f0c85357dac7

SHA256
79f7d1725133388d18b976f6e2fd89813d57aa6c809939f7c4526cf1e2e312ae

SHA512
04d0aef7adec0d2d7f674fbf577a2295098f06cd1b4e9b311d4f62fb6c5c4e592f7666c01ceefc9677fdde42f6dca4a6e3376152f7d7a7b9e0d77fc49f4f322d

Download Submit
C:\WINDOWS\zxcv.vbs

Filesize
266KB

MD5
e54857b4590a2097ae9c67d700aa0366

SHA1
3afeac8582f22e5af9bf8fc6bb45f0c85357dac7

SHA256
79f7d1725133388d18b976f6e2fd89813d57aa6c809939f7c4526cf1e2e312ae

SHA512
04d0aef7adec0d2d7f674fbf577a2295098f06cd1b4e9b311d4f62fb6c5c4e592f7666c01ceefc9677fdde42f6dca4a6e3376152f7d7a7b9e0d77fc49f4f322d

Download Submit