c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a

Analysis

max time kernel
91s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2023, 09:30

Target

c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a.exe
Size

2.7MB
MD5

50c5266d2f2d11dc7a13a64a7214bde7
SHA1

b42daaeb171643cf6b83cb03609242d909c0d0c4
SHA256

c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a
SHA512

ecf8bfba80c0c7f38226b31ead7091596e7b644650b55f643ba22e65056e5e2012a1c86ca235a29ae0bfb525280db7f1a4a1e6c05a1474423c1d96c2c9160502
SSDEEP

49152:9MVkXcZTciEZoOxgUCumhpLWS2BrRAaf/v9FuZrDCKgJfwm1p7Xn:9hX4JuGLWS2BtTf/vSZrDMfwyp

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 4404	4160	c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a.exe	83
PID 4160 wrote to memory of 4404	4160	c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a.exe	83
PID 4160 wrote to memory of 4404	4160	c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a.exe	83
PID 4404 wrote to memory of 2096	4404	cmd.exe	84
PID 4404 wrote to memory of 2096	4404	cmd.exe	84
PID 4404 wrote to memory of 2096	4404	cmd.exe	84
PID 4160 wrote to memory of 3444	4160	c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a.exe	85
PID 4160 wrote to memory of 3444	4160	c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a.exe	85
PID 4160 wrote to memory of 3444	4160	c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a.exe	85

C:\Users\Admin\AppData\Local\Temp\c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a.exe
"C:\Users\Admin\AppData\Local\Temp\c687c3f5216c0e56eef5095a8348ed555507153df7a5d9f84f635d744e62445a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c MODE CON COLS=215 LINES=22
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4404
- - C:\Windows\SysWOW64\mode.com
    MODE CON COLS=215 LINES=22
    3⤵
    PID:2096
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color A
  2⤵
  PID:3444