6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e

Analysis

max time kernel
349s
max time network
406s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 23:06

Target

6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe
Size

95KB
MD5

56945803017bb98f3dd21a822b015bbe
SHA1

a65c214220c9342f9e3653342a50f94410411cf4
SHA256

6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e
SHA512

3ca5e1c8e848152992451924e80c4d4c3849116103dc602c0d80d7cd70b6d5d648646c94106a7499863de245dbee455301a97a7dea2572258c11c159c794836e
SSDEEP

1536:fHFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prnMW5mb5EOx:fxS4jHS8q/3nTzePCwNUh4E9nWbGOx

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4708	mucjcrefqu

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4708	mucjcrefqu
4708	mucjcrefqu

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4708	4900	6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe	83
PID 4900 wrote to memory of 4708	4900	6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe	83
PID 4900 wrote to memory of 4708	4900	6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe	83

C:\Users\Admin\AppData\Local\Temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe
"C:\Users\Admin\AppData\Local\Temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- \??\c:\users\admin\appdata\local\mucjcrefqu
  "C:\Users\Admin\AppData\Local\Temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe" a -sc:\users\admin\appdata\local\temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4708

C:\Users\Admin\AppData\Local\mucjcrefqu

Filesize
6.5MB

MD5
06e942099659f8e1c62beca937be291d

SHA1
beda2f019413f2cf0f9f7830d32b8cfbf582e791

SHA256
5f01ca8ebf9e5f30164dd4b95aaa114f6bd8a785b2b98646d2d869ff1808ba7d

SHA512
b09b4a619aac5b6106ec4ad63c7af4d193321c332d699d6cf1b171da7b60fc8a11bf49b632f69e58017cd7da1a17ed482f5a9e3afc5e65c5492859454ccd2049

Download Submit
\??\c:\users\admin\appdata\local\mucjcrefqu

Filesize
6.5MB

MD5
06e942099659f8e1c62beca937be291d

SHA1
beda2f019413f2cf0f9f7830d32b8cfbf582e791

SHA256
5f01ca8ebf9e5f30164dd4b95aaa114f6bd8a785b2b98646d2d869ff1808ba7d

SHA512
b09b4a619aac5b6106ec4ad63c7af4d193321c332d699d6cf1b171da7b60fc8a11bf49b632f69e58017cd7da1a17ed482f5a9e3afc5e65c5492859454ccd2049

Download Submit
memory/4708-136-0x0000000000400000-0x000000000044E348-memory.dmp

Filesize
312KB

Download
memory/4708-137-0x0000000000400000-0x000000000044E348-memory.dmp

Filesize
312KB

Download
memory/4900-132-0x0000000000400000-0x000000000044E348-memory.dmp

Filesize
312KB

Download