cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60

Analysis

max time kernel
181s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 05:45

Target

cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe
Size

971KB
MD5

287b09ad43811b369978a0e4456ea8bf
SHA1

0b8b664aede052764d30a61e307da5bb894c8e63
SHA256

cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60
SHA512

564565c4d6c46bc893da90abc07261e6b55e6a28a5a7b643b2a97b6264d6dacd8492179338b229cc331b8a6efc909df05d19394bbb8a4f6b90a6ba2967a123f9
SSDEEP

12288:0P2LZX+pd167QhEXn75MM+M64wR9jMkIM7X75nB+pd167QhEc:A2dE6EhG7eM+M63hMkIM7X7pO6Eh

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
2100	cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 2100	4400	cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe	84
PID 4400 wrote to memory of 2100	4400	cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe	84
PID 4400 wrote to memory of 2100	4400	cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe	84

C:\Users\Admin\AppData\Local\Temp\cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe
"C:\Users\Admin\AppData\Local\Temp\cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Users\Admin\AppData\Roaming\cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe
  "C:\Users\Admin\AppData\Roaming\cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe"
  2⤵
  - Executes dropped EXE
  PID:2100

C:\Users\Admin\AppData\Roaming\cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe

Filesize
971KB

MD5
287b09ad43811b369978a0e4456ea8bf

SHA1
0b8b664aede052764d30a61e307da5bb894c8e63

SHA256
cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60

SHA512
564565c4d6c46bc893da90abc07261e6b55e6a28a5a7b643b2a97b6264d6dacd8492179338b229cc331b8a6efc909df05d19394bbb8a4f6b90a6ba2967a123f9

Download Submit
C:\Users\Admin\AppData\Roaming\cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60.exe

Filesize
971KB

MD5
287b09ad43811b369978a0e4456ea8bf

SHA1
0b8b664aede052764d30a61e307da5bb894c8e63

SHA256
cb85d2ce2ac89058f4e0a09c7d9146b2f8962ed85cc1e7d69d1b8ab6bdc1cd60

SHA512
564565c4d6c46bc893da90abc07261e6b55e6a28a5a7b643b2a97b6264d6dacd8492179338b229cc331b8a6efc909df05d19394bbb8a4f6b90a6ba2967a123f9

Download Submit
memory/2100-138-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/4400-133-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/4400-137-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download