97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd

Analysis

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 11:43

Target

97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd.exe
Size

22KB
MD5

6ac3ca86e0af052fd4aa042b50ac6d7f
SHA1

a2b65d6f871ddcda3d3db1e8450ff0e1a81d55dd
SHA256

97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd
SHA512

076322c18abfdf718cdcae660e46495e1f8f2fc932dd6b844b2e342dbfbd60e90899627bb0e67a5178bbe98450b440e24e07f5c7c81cc3f22eb1d2239e5670a0
SSDEEP

384:QcPcN6tMbHiQY1cfWDrTTTkTTckTTTTTTTT6UBFp:QcPcNVfCAWDBUBF

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
2152	cdsew.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 2152	1272	97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd.exe	79
PID 1272 wrote to memory of 2152	1272	97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd.exe	79
PID 1272 wrote to memory of 2152	1272	97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd.exe	79

C:\Users\Admin\AppData\Local\Temp\97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd.exe
"C:\Users\Admin\AppData\Local\Temp\97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Users\Admin\AppData\Local\Temp\cdsew.exe
  C:\Users\Admin\AppData\Local\Temp\cdsew.exe
  2⤵
  - Executes dropped EXE
  PID:2152

C:\Users\Admin\AppData\Local\Temp\cdsew.exe

Filesize
22KB

MD5
6ac3ca86e0af052fd4aa042b50ac6d7f

SHA1
a2b65d6f871ddcda3d3db1e8450ff0e1a81d55dd

SHA256
97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd

SHA512
076322c18abfdf718cdcae660e46495e1f8f2fc932dd6b844b2e342dbfbd60e90899627bb0e67a5178bbe98450b440e24e07f5c7c81cc3f22eb1d2239e5670a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cdsew.exe

Filesize
22KB

MD5
6ac3ca86e0af052fd4aa042b50ac6d7f

SHA1
a2b65d6f871ddcda3d3db1e8450ff0e1a81d55dd

SHA256
97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd

SHA512
076322c18abfdf718cdcae660e46495e1f8f2fc932dd6b844b2e342dbfbd60e90899627bb0e67a5178bbe98450b440e24e07f5c7c81cc3f22eb1d2239e5670a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\utt798E.tmp

Filesize
206B

MD5
e00fe67b822090d66dab915be1e38432

SHA1
8446f48492facc617090d3692bb6f258fc628416

SHA256
6c0544556a06b2a96a78699ec4da635909f59c812699db07df655b4296331824

SHA512
cdb196128486dd5af5c1678d2c8c12aaf6a537e548ff74d74fcee1b7707cb3c5b70538859ece581720bf609d4a28db6b3d2bb26745fea27d25a795506c38c552

Download Submit
memory/1272-132-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2152-137-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download