d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48

Analysis

max time kernel
195s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 21:59

Target

d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe
Size

57KB
MD5

30b80f5f0124626810ea32f62f5622db
SHA1

32cd5cbe57f3d6dd0452d553e3365c74c64587c2
SHA256

d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48
SHA512

7df5c49a66d9c607d83b6049f51b6c2e7923fbc3844196b33537c297309a8f2f231d3741d2d43853f0e86dcf715276bd6334c3c1eb9cd9d3137a24043f335182
SSDEEP

1536:sdwMGWez2yTFAWHwabD5P9n55f6oMGMGHX:s2MGWpyXwaXnDf6s

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
3396	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 3140	308	d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe	83
PID 308 wrote to memory of 3140	308	d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe	83
PID 308 wrote to memory of 3140	308	d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe	83
PID 3140 wrote to memory of 3396	3140	cmd.exe	84
PID 3140 wrote to memory of 3396	3140	cmd.exe	84
PID 3140 wrote to memory of 3396	3140	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe
"C:\Users\Admin\AppData\Local\Temp\d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:308
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3140
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3396

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
57KB

MD5
bd05707a07c7262002ab9c8bd7dff10e

SHA1
6baf73a3be1f6fe603d873e271ef38869801d43b

SHA256
b69d18e5a0f3523cc2d25be95ebe9e1598785cdafe442863ae17e7dbeb702ecb

SHA512
6d751cec18f1db74e794efe6dad4c378bcb3de6a8911ea6c057fb8d9b98b166e952f7143c6b6b6e16ae65ea20f8c0055d0366d1c8ab1dd7820b158e803c2f9dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
57KB

MD5
bd05707a07c7262002ab9c8bd7dff10e

SHA1
6baf73a3be1f6fe603d873e271ef38869801d43b

SHA256
b69d18e5a0f3523cc2d25be95ebe9e1598785cdafe442863ae17e7dbeb702ecb

SHA512
6d751cec18f1db74e794efe6dad4c378bcb3de6a8911ea6c057fb8d9b98b166e952f7143c6b6b6e16ae65ea20f8c0055d0366d1c8ab1dd7820b158e803c2f9dd

Download Submit