2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e

Analysis

max time kernel
65s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2022, 18:23

Target

2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.exe
Size

15.1MB
MD5

eea55d5531cc3c8d09e4236e95b42b10
SHA1

5389c3a868eb533030a6a0f4d0c828ddeb2599fd
SHA256

2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e
SHA512

aa7c7d28b1cdbdada274877f6241c944fd215e210901080db71719eedfabde2ad4c9ccc9641d25a598f95a3877eb4933dff2ede0f5f28d85727b33458cdc46b3
SSDEEP

393216:g790w0Lfc3hDzM5xwlSPalU6od2XJPCqjyeSLMW2Pa9x:g72w0wRDzMw5lUkjKBP

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4864	2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 4864	4720	2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.exe	80
PID 4720 wrote to memory of 4864	4720	2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.exe	80
PID 4720 wrote to memory of 4864	4720	2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.exe	80

C:\Users\Admin\AppData\Local\Temp\2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.exe
"C:\Users\Admin\AppData\Local\Temp\2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Users\Admin\AppData\Local\Temp\is-45OJA.tmp\2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-45OJA.tmp\2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.tmp" /SL5="$A01DE,15527855,58368,C:\Users\Admin\AppData\Local\Temp\2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.exe"
  2⤵
  - Executes dropped EXE
  PID:4864

C:\Users\Admin\AppData\Local\Temp\is-45OJA.tmp\2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.tmp

Filesize
706KB

MD5
a305877eabf2c8d30cd5df98345952ae

SHA1
c0518290145415e66f9f1b9a9c3c1b3e346a10fa

SHA256
8558efadf63fb12cf3ddacccfe07d397f2f902efadc4adf679a7e5c27cd49d76

SHA512
6f22868d451f3f07fdaa096b303a480fb9f5f9bd4675046bba79b9c15435892ea07b3ef5f3a3788144af696a675c2d4639ab4396e22761923c955747463b9fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-45OJA.tmp\2689b08fd35459cb179d2ddcdd625e11455b439cda4280fae32f04941995b58e.tmp

Filesize
706KB

MD5
a305877eabf2c8d30cd5df98345952ae

SHA1
c0518290145415e66f9f1b9a9c3c1b3e346a10fa

SHA256
8558efadf63fb12cf3ddacccfe07d397f2f902efadc4adf679a7e5c27cd49d76

SHA512
6f22868d451f3f07fdaa096b303a480fb9f5f9bd4675046bba79b9c15435892ea07b3ef5f3a3788144af696a675c2d4639ab4396e22761923c955747463b9fad

Download Submit
memory/4720-132-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4720-137-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4720-138-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download