16074a4b00a013ce22996daf60646805a125aa60021e5554fd2c6e7012cc3a37

Analysis

max time kernel
112s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2023, 03:33

Target

3747725526.exe
Size

29KB
MD5

5aee16fd49f11c6b93d57c5eb5f46d62
SHA1

76235190cdb31fd0bdca75df462953aa7b8c2737
SHA256

16074a4b00a013ce22996daf60646805a125aa60021e5554fd2c6e7012cc3a37
SHA512

a0ca2930e1d51873ac3da81856e93638f72ff4ddda788d19a83454cc86e4c0b0f2424e0b284c3976af0de18bd5b98c007abdcdae5ec5f93183826be2d6ba776f
SSDEEP

768:KfQAfpeBfCWg1se7MdL2FnMVXTPPaYJcPxSmOg+Qac:mVfpeBfCWgRMdL2F8HnJuOqac

Score

1^/10

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 4300	1480	3747725526.exe	81
PID 1480 wrote to memory of 4300	1480	3747725526.exe	81
PID 1480 wrote to memory of 4300	1480	3747725526.exe	81
PID 1480 wrote to memory of 2220	1480	3747725526.exe	82
PID 1480 wrote to memory of 2220	1480	3747725526.exe	82
PID 1480 wrote to memory of 2220	1480	3747725526.exe	82
PID 1480 wrote to memory of 3256	1480	3747725526.exe	83
PID 1480 wrote to memory of 3256	1480	3747725526.exe	83
PID 1480 wrote to memory of 3256	1480	3747725526.exe	83
PID 1480 wrote to memory of 2940	1480	3747725526.exe	84
PID 1480 wrote to memory of 2940	1480	3747725526.exe	84
PID 1480 wrote to memory of 2940	1480	3747725526.exe	84
PID 1480 wrote to memory of 4644	1480	3747725526.exe	85
PID 1480 wrote to memory of 4644	1480	3747725526.exe	85
PID 1480 wrote to memory of 4644	1480	3747725526.exe	85

C:\Users\Admin\AppData\Local\Temp\3747725526.exe
"C:\Users\Admin\AppData\Local\Temp\3747725526.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color A
  2⤵
  PID:4300
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color B
  2⤵
  PID:2220
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color C
  2⤵
  PID:3256
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color D
  2⤵
  PID:2940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color E
  2⤵
  PID:4644