fc0a098fb6b0ad7c2c9354e31977623d139af1693587b01ed0bc0df9ccbb57e8

Analysis

max time kernel
306s
max time network
329s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 16:32

Target

fc0a098fb6b0ad7c2c9354e31977623d139af1693587b01ed0bc0df9ccbb57e8.exe
Size

919KB
MD5

c01f556c4422ff3c1898390e9888e646
SHA1

c41918bc5c652c180e95f144b8c6036333e3c04c
SHA256

fc0a098fb6b0ad7c2c9354e31977623d139af1693587b01ed0bc0df9ccbb57e8
SHA512

3cbef1f17b21d04ea04f7cd6d7004e2f59f8b25f56a32950b50b02dfa35ff7cd8a9017797a0c2cfeaf1d444d28e213ae78197b239155a2e898c8069589eaf545
SSDEEP

24576:h1OYdaOVMtdHAqcdDVhYwiei7+EpFAh/kKI:h1OsIPHVmVhYwiLtKkKI

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

zjqnWv6Lq9ZBaXz.exe

pid process

4300 zjqnWv6Lq9ZBaXz.exe

pid	process
4300	zjqnWv6Lq9ZBaXz.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

fc0a098fb6b0ad7c2c9354e31977623d139af1693587b01ed0bc0df9ccbb57e8.exe

description	pid	process	target process
PID 3084 wrote to memory of 4300	3084	fc0a098fb6b0ad7c2c9354e31977623d139af1693587b01ed0bc0df9ccbb57e8.exe	zjqnWv6Lq9ZBaXz.exe
PID 3084 wrote to memory of 4300	3084	fc0a098fb6b0ad7c2c9354e31977623d139af1693587b01ed0bc0df9ccbb57e8.exe	zjqnWv6Lq9ZBaXz.exe
PID 3084 wrote to memory of 4300	3084	fc0a098fb6b0ad7c2c9354e31977623d139af1693587b01ed0bc0df9ccbb57e8.exe	zjqnWv6Lq9ZBaXz.exe

C:\Users\Admin\AppData\Local\Temp\fc0a098fb6b0ad7c2c9354e31977623d139af1693587b01ed0bc0df9ccbb57e8.exe
"C:\Users\Admin\AppData\Local\Temp\fc0a098fb6b0ad7c2c9354e31977623d139af1693587b01ed0bc0df9ccbb57e8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3084

C:\Users\Admin\AppData\Local\Temp\7zS96C3.tmp\zjqnWv6Lq9ZBaXz.exe
.\zjqnWv6Lq9ZBaXz.exe
2⤵
- Executes dropped EXE
PID:4300

C:\Users\Admin\AppData\Local\Temp\7zS96C3.tmp\zjqnWv6Lq9ZBaXz.exe

Filesize
760KB

MD5
dcd148f6f3af3e3b0935c4fcc9f41811

SHA1
ee9bdbc7c568c7832d90b85921ab20030b6734cd

SHA256
f8689641199c6fc430121797965485d95abfbc430753e0e668817ab3b511a1e4

SHA512
34be8e60dc2decf8287a71516f359e80bb858ce52218dde1b01c821c9b95be38821f068b79b0da8dbe90865560e7ddab77b25e3971dda9be667fb3ae8f174886

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96C3.tmp\zjqnWv6Lq9ZBaXz.exe

Filesize
760KB

MD5
dcd148f6f3af3e3b0935c4fcc9f41811

SHA1
ee9bdbc7c568c7832d90b85921ab20030b6734cd

SHA256
f8689641199c6fc430121797965485d95abfbc430753e0e668817ab3b511a1e4

SHA512
34be8e60dc2decf8287a71516f359e80bb858ce52218dde1b01c821c9b95be38821f068b79b0da8dbe90865560e7ddab77b25e3971dda9be667fb3ae8f174886

Download Submit
memory/4300-132-0x0000000000000000-mapping.dmp

Download