05af298adf0dc76f01b300a7b2bc7a937048b3f682dd11451af09cbacab09b0e

Analysis

max time kernel
189s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 16:00

Target

05af298adf0dc76f01b300a7b2bc7a937048b3f682dd11451af09cbacab09b0e.exe
Size

711KB
MD5

50c6b095829e2e7548e4c0e5697a2af0
SHA1

607a48d5c5b426d5ce8c907a7dcdcccd26ce3703
SHA256

05af298adf0dc76f01b300a7b2bc7a937048b3f682dd11451af09cbacab09b0e
SHA512

7388f00593827375e877d862c04e2f5fa06bf37ee30fb7a687adf31a07f3a2804b097e16b9224d21b3b1df8b3e4e661400ba285640932292d9f394d5e3b3c3e6
SSDEEP

12288:qLM2vy7hCILsOuW2Q6Y2BVQ428W+vqWt0S9SiPYZZz1SHU1vOjYt/8DIhd7OwLM:gMhCILsOuWeBVl2b+vhOUpkpSHU1r/e8

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

~DFA24C.tmp

pid process

4724 ~DFA24C.tmp

pid	process
4724	~DFA24C.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

05af298adf0dc76f01b300a7b2bc7a937048b3f682dd11451af09cbacab09b0e.exe

description	pid	process	target process
PID 3192 wrote to memory of 4724	3192	05af298adf0dc76f01b300a7b2bc7a937048b3f682dd11451af09cbacab09b0e.exe	~DFA24C.tmp
PID 3192 wrote to memory of 4724	3192	05af298adf0dc76f01b300a7b2bc7a937048b3f682dd11451af09cbacab09b0e.exe	~DFA24C.tmp
PID 3192 wrote to memory of 4724	3192	05af298adf0dc76f01b300a7b2bc7a937048b3f682dd11451af09cbacab09b0e.exe	~DFA24C.tmp

C:\Users\Admin\AppData\Local\Temp\05af298adf0dc76f01b300a7b2bc7a937048b3f682dd11451af09cbacab09b0e.exe
"C:\Users\Admin\AppData\Local\Temp\05af298adf0dc76f01b300a7b2bc7a937048b3f682dd11451af09cbacab09b0e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3192

C:\Users\Admin\AppData\Local\Temp\~DFA24C.tmp
C:\Users\Admin\AppData\Local\Temp\~DFA24C.tmp OK
2⤵
- Executes dropped EXE
PID:4724

C:\Users\Admin\AppData\Local\Temp\~DFA24C.tmp
Filesize
720KB

MD5
d516c19d377647cc073fe4fd20cf7a88

SHA1
6668f0e300c0160a2b77d71d77b8ca299368a286

SHA256
5a585f7c91a74f55a00fdc12c9ff3d8036e8af6a0646858dc98410a876b63ace

SHA512
7aa132a72c3408ec2e5ed8fd0ee926ed2790aefce421fc099924d48a748ffba8095b85d709d08bb0d1b2847ce6365fdeb6825c6328f93df27c6f6c970f673b46

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFA24C.tmp
Filesize
720KB

MD5
d516c19d377647cc073fe4fd20cf7a88

SHA1
6668f0e300c0160a2b77d71d77b8ca299368a286

SHA256
5a585f7c91a74f55a00fdc12c9ff3d8036e8af6a0646858dc98410a876b63ace

SHA512
7aa132a72c3408ec2e5ed8fd0ee926ed2790aefce421fc099924d48a748ffba8095b85d709d08bb0d1b2847ce6365fdeb6825c6328f93df27c6f6c970f673b46

Download Submit
memory/3192-132-0x00000000002D0000-0x0000000000397000-memory.dmp

Filesize
796KB

Download
memory/3192-137-0x00000000002D0000-0x0000000000397000-memory.dmp

Filesize
796KB

Download
memory/4724-133-0x0000000000000000-mapping.dmp

Download
memory/4724-136-0x00000000004A0000-0x0000000000567000-memory.dmp

Filesize
796KB

Download