af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 04:09

Target

af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe
Size

257KB
MD5

18cfbe450747a2463e5a3fa1ee97e93f
SHA1

a178195fc92055ded0fd16bdd06fac82cbb567de
SHA256

af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8
SHA512

b3540904f339ef7db732288650ddcdd6b7d41fde8740d81f3031891f2cbbfe3ef8fd00b002c6c4adc2f6c30d8369f59bde56f27e538e55397acac0e2dc743c20
SSDEEP

6144:lH+2vhjfdSKB6XHABgukwVEfXym375ZtSZX:lH+eJCD

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

55555.exe

pid process

616 55555.exe

pid	process
616	55555.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe

description	pid	process	target process
PID 1980 wrote to memory of 616	1980	af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe	55555.exe
PID 1980 wrote to memory of 616	1980	af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe	55555.exe
PID 1980 wrote to memory of 616	1980	af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe	55555.exe

C:\Users\Admin\AppData\Local\Temp\af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe
"C:\Users\Admin\AppData\Local\Temp\af87326a0b6666de5bd221081a11f76ce089f97763dab5ea99f48a4a231349c8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980

C:\Users\Admin\AppData\Local\Temp\55555.exe
"C:\Users\Admin\AppData\Local\Temp\55555.exe"
2⤵
- Executes dropped EXE
PID:616

C:\Users\Admin\AppData\Local\Temp\55555.EXE
Filesize
27KB

MD5
92aed9e9f3dc5096f758ec14d309d861

SHA1
9030ccd3d95cff21b8e14d4a5da752ccd67c956b

SHA256
4fccbdf02c2330f4a93d407e1f6b4022b54b07e4066a1c5b3a7279b11a4aa11d

SHA512
5c8e128c3e3f21d931bfd3c5ee2a3363390266d472dc007d2a4e29b563a7df6f2611144d99f33d26ae3f6c883e35efd0554b9ebd8a391ff87422f1715f08a06e

Download Submit
C:\Users\Admin\AppData\Local\Temp\55555.exe
Filesize
27KB

MD5
92aed9e9f3dc5096f758ec14d309d861

SHA1
9030ccd3d95cff21b8e14d4a5da752ccd67c956b

SHA256
4fccbdf02c2330f4a93d407e1f6b4022b54b07e4066a1c5b3a7279b11a4aa11d

SHA512
5c8e128c3e3f21d931bfd3c5ee2a3363390266d472dc007d2a4e29b563a7df6f2611144d99f33d26ae3f6c883e35efd0554b9ebd8a391ff87422f1715f08a06e

Download Submit
memory/616-132-0x0000000000000000-mapping.dmp

Download
memory/616-135-0x0000000074BD0000-0x0000000075181000-memory.dmp

Filesize
5.7MB

Download
memory/616-136-0x0000000074BD0000-0x0000000075181000-memory.dmp

Filesize
5.7MB

Download