96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48

Analysis

max time kernel
145s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 18:55

Target

96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48.exe
Size

29KB
MD5

5fbbaa6694050880f85c2e3cce506aee
SHA1

b86013d001c10877ac8003b74f1f37e4b4c4f142
SHA256

96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48
SHA512

8ec8d788b650340b7aaed91b82401edf2893d6d3970f189ab2923bae59c842523fa4fe3f8f48312d18f022a745654553674950702e07522884463357449eda35
SSDEEP

768:LmV3rpghoDOjtCCF2j4LWQmq64Y444444pfa:Lm1zDOjtZ2j4LWQmf

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4288	simpleviewer.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 4288	3464	96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48.exe	81
PID 3464 wrote to memory of 4288	3464	96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48.exe	81
PID 3464 wrote to memory of 4288	3464	96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48.exe	81

C:\Users\Admin\AppData\Local\Temp\96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48.exe
"C:\Users\Admin\AppData\Local\Temp\96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Users\Admin\AppData\Local\Temp\simpleviewer.exe
  C:\Users\Admin\AppData\Local\Temp\simpleviewer.exe
  2⤵
  - Executes dropped EXE
  PID:4288

C:\Users\Admin\AppData\Local\Temp\siA155.tmp

Filesize
206B

MD5
042341a08cf34ba560d499719fe219c0

SHA1
a80a9f876096d5fcc22e2d0cb90b831fc086c693

SHA256
c1e3c32fa5c40f7d8298c145d68c7064b4842defc57c930d535452dfbcc7a73d

SHA512
0cc121fc3a33e8b6a525d5ebd4e0bc0535228d4eb153cccbf279fcaecb3613a2db9f6b0824afa6adcbada89771b1359d1ba903c251b4cd278a1761a0445ca5ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\simpleviewer.exe

Filesize
29KB

MD5
5fbbaa6694050880f85c2e3cce506aee

SHA1
b86013d001c10877ac8003b74f1f37e4b4c4f142

SHA256
96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48

SHA512
8ec8d788b650340b7aaed91b82401edf2893d6d3970f189ab2923bae59c842523fa4fe3f8f48312d18f022a745654553674950702e07522884463357449eda35

Download Submit
C:\Users\Admin\AppData\Local\Temp\simpleviewer.exe

Filesize
29KB

MD5
5fbbaa6694050880f85c2e3cce506aee

SHA1
b86013d001c10877ac8003b74f1f37e4b4c4f142

SHA256
96ee5ca5fdaf0d7e9ff5def3cfe8c256fdfe8fd726fcb1989021c7a3deceab48

SHA512
8ec8d788b650340b7aaed91b82401edf2893d6d3970f189ab2923bae59c842523fa4fe3f8f48312d18f022a745654553674950702e07522884463357449eda35

Download Submit
memory/3464-135-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4288-137-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download