d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b

Analysis

max time kernel
158s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:01

Target

d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b.exe
Size

74KB
MD5

bfee87ebe3455bb098254f0e925e669a
SHA1

82c8f5c0968eea2614935ee3cf327167d10f2d79
SHA256

d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b
SHA512

03ac65985349288c531646dc52237f1edd07d94352c8bd69fb0c21ef0b3e5a1f1a3eea47b958c18689dd603ae2676986c8b58d3ee8a40c156bc57d54f40b0e64
SSDEEP

1536:mp5/6PnjGPnjhpusLx4dxL+yJ0K0IxL3mqT4bcagRLlAvCJ:E5iLGfjh9O+U0K0I939gcaklA

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

BBD3.tmp

pid process

2156 BBD3.tmp

pid	process
2156	BBD3.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b.exe

description	pid	process	target process
PID 4068 wrote to memory of 2156	4068	d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b.exe	BBD3.tmp
PID 4068 wrote to memory of 2156	4068	d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b.exe	BBD3.tmp
PID 4068 wrote to memory of 2156	4068	d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b.exe	BBD3.tmp

C:\Users\Admin\AppData\Local\Temp\d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b.exe
"C:\Users\Admin\AppData\Local\Temp\d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4068

C:\Users\Admin\AppData\Local\Temp\BBD3.tmp
"C:\Users\Admin\AppData\Local\Temp\BBD3.tmp" "C:\Users\Admin\AppData\Local\Temp\d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b.exe"
2⤵
- Executes dropped EXE
PID:2156

C:\Users\Admin\AppData\Local\Temp\BBD3.tmp

Filesize
74KB

MD5
bfee87ebe3455bb098254f0e925e669a

SHA1
82c8f5c0968eea2614935ee3cf327167d10f2d79

SHA256
d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b

SHA512
03ac65985349288c531646dc52237f1edd07d94352c8bd69fb0c21ef0b3e5a1f1a3eea47b958c18689dd603ae2676986c8b58d3ee8a40c156bc57d54f40b0e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\BBD3.tmp

Filesize
74KB

MD5
bfee87ebe3455bb098254f0e925e669a

SHA1
82c8f5c0968eea2614935ee3cf327167d10f2d79

SHA256
d45e7f141fcf060d1172698318af907b4ee5123f0f3b869dc10142e825c5720b

SHA512
03ac65985349288c531646dc52237f1edd07d94352c8bd69fb0c21ef0b3e5a1f1a3eea47b958c18689dd603ae2676986c8b58d3ee8a40c156bc57d54f40b0e64

Download Submit
memory/2156-133-0x0000000000000000-mapping.dmp

Download
memory/4068-132-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download