4bd12a053d3345f4e2d52d4f81963ea42fd5fdfbc2078b8c5155cbf5a9ce1f6c

Analysis

max time kernel
330s
max time network
412s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 01:51

Target

4bd12a053d3345f4e2d52d4f81963ea42fd5fdfbc2078b8c5155cbf5a9ce1f6c.exe
Size

931KB
MD5

6106faefcfd9f0103a7af3b276765362
SHA1

76fb2ae51d809435c84dbafa74e81a1ca38d1594
SHA256

4bd12a053d3345f4e2d52d4f81963ea42fd5fdfbc2078b8c5155cbf5a9ce1f6c
SHA512

710fc7e2213c70afa886963abfdac88550cdd325f3039976618353abd1bae65f8601f6e758c72419141b1336e62df49142d7aef813d21a763c2b64c85c54a184
SSDEEP

24576:h1OYdaOKCZ/iWCvu/2sWsJA/jlt+DHhsn:h1OsECpYO/dJJDHhsn

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

vbdz3RlnKHYTN53.exe

pid process

1796 vbdz3RlnKHYTN53.exe

pid	process
1796	vbdz3RlnKHYTN53.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

4bd12a053d3345f4e2d52d4f81963ea42fd5fdfbc2078b8c5155cbf5a9ce1f6c.exe

description	pid	process	target process
PID 5112 wrote to memory of 1796	5112	4bd12a053d3345f4e2d52d4f81963ea42fd5fdfbc2078b8c5155cbf5a9ce1f6c.exe	vbdz3RlnKHYTN53.exe
PID 5112 wrote to memory of 1796	5112	4bd12a053d3345f4e2d52d4f81963ea42fd5fdfbc2078b8c5155cbf5a9ce1f6c.exe	vbdz3RlnKHYTN53.exe
PID 5112 wrote to memory of 1796	5112	4bd12a053d3345f4e2d52d4f81963ea42fd5fdfbc2078b8c5155cbf5a9ce1f6c.exe	vbdz3RlnKHYTN53.exe

C:\Users\Admin\AppData\Local\Temp\4bd12a053d3345f4e2d52d4f81963ea42fd5fdfbc2078b8c5155cbf5a9ce1f6c.exe
"C:\Users\Admin\AppData\Local\Temp\4bd12a053d3345f4e2d52d4f81963ea42fd5fdfbc2078b8c5155cbf5a9ce1f6c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5112

C:\Users\Admin\AppData\Local\Temp\7zS9D46.tmp\vbdz3RlnKHYTN53.exe
.\vbdz3RlnKHYTN53.exe
2⤵
- Executes dropped EXE
PID:1796

C:\Users\Admin\AppData\Local\Temp\7zS9D46.tmp\vbdz3RlnKHYTN53.dat
Filesize
1KB

MD5
82b2b44b3b3678d88536b31b3d22b090

SHA1
c02e92fbbdeefae664a91ae48aabdc439d2a7798

SHA256
f47244a1b52740f6c44ab24a9bf1e77fd009e3f012bbe9f9c46fe4756eeb5963

SHA512
f1dcb1c9f5349830ddfbc6ffe39defed01f133344839b2fafe0dee15e7cb81ec3337ad3ee7913381c9743d982e5c08d56ff5cf51f6175a6da0499075fcc16173

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D46.tmp\vbdz3RlnKHYTN53.exe
Filesize
772KB

MD5
5ed7019dcd0008dbcd8e54017b8c7dd9

SHA1
7e4457da2ff06c2170bad636c9eb7c1bb436fd06

SHA256
7f069fe03db518eee8162ba5f65f98f2afd28137dfde9450d26cd47f6cea8eb7

SHA512
10cef6104aeca8f7a135d4ffffb907b127f055477af4d98228c7385f0da15677357dfed13fc442ee173f85245224fc4b0ae100b832514c80802c5e5a054b70db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D46.tmp\vbdz3RlnKHYTN53.exe
Filesize
772KB

MD5
5ed7019dcd0008dbcd8e54017b8c7dd9

SHA1
7e4457da2ff06c2170bad636c9eb7c1bb436fd06

SHA256
7f069fe03db518eee8162ba5f65f98f2afd28137dfde9450d26cd47f6cea8eb7

SHA512
10cef6104aeca8f7a135d4ffffb907b127f055477af4d98228c7385f0da15677357dfed13fc442ee173f85245224fc4b0ae100b832514c80802c5e5a054b70db

Download Submit
memory/1796-132-0x0000000000000000-mapping.dmp

Download