2086cc3e03375e6a3a5e09cff5d83a12b857e39080551655fa3eb55da45dd58a

Analysis

max time kernel
11s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2023 05:18

Target

Nyusu.exe
Size

29KB
MD5

eac900e8bf02efc34fbf83de78261fa8
SHA1

bc683bf2c76ba080b78313f26576946733ea0045
SHA256

2086cc3e03375e6a3a5e09cff5d83a12b857e39080551655fa3eb55da45dd58a
SHA512

d2b2abc7e16b5bbc43b6f448da04a4d61060dd5549b4d6ea4c0b4b1aa96f5b7e171a763a722a72f0f5370b50c1419cab29d8493bc6539624700c4290b9d4fbe9
SSDEEP

768:mfQAfpeBfCWg1se7MdL2FnMVXT2PaYJcPxSmOg+Q:qVfpeBfCWgRMdL2F8+nJuOq

Score

1^/10

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 1048	4704	Nyusu.exe	81
PID 4704 wrote to memory of 1048	4704	Nyusu.exe	81
PID 4704 wrote to memory of 1048	4704	Nyusu.exe	81
PID 4704 wrote to memory of 4076	4704	Nyusu.exe	82
PID 4704 wrote to memory of 4076	4704	Nyusu.exe	82
PID 4704 wrote to memory of 4076	4704	Nyusu.exe	82
PID 4704 wrote to memory of 3196	4704	Nyusu.exe	83
PID 4704 wrote to memory of 3196	4704	Nyusu.exe	83
PID 4704 wrote to memory of 3196	4704	Nyusu.exe	83
PID 4704 wrote to memory of 2952	4704	Nyusu.exe	84
PID 4704 wrote to memory of 2952	4704	Nyusu.exe	84
PID 4704 wrote to memory of 2952	4704	Nyusu.exe	84
PID 4704 wrote to memory of 4216	4704	Nyusu.exe	87
PID 4704 wrote to memory of 4216	4704	Nyusu.exe	87
PID 4704 wrote to memory of 4216	4704	Nyusu.exe	87

C:\Users\Admin\AppData\Local\Temp\Nyusu.exe
"C:\Users\Admin\AppData\Local\Temp\Nyusu.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color A
  2⤵
  PID:1048
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color B
  2⤵
  PID:4076
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color C
  2⤵
  PID:3196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color D
  2⤵
  PID:2952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color E
  2⤵
  PID:4216