3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4

Analysis

max time kernel
149s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2023, 17:59

Target

3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4.exe
Size

2.8MB
MD5

a615d59b01221420bb127d1339eb005a
SHA1

1c81255e04464f49875680fa29c7581342a232b5
SHA256

3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4
SHA512

3471dc578a6e1404bf152ce09a88f45f4b9ec0e3636f15b11a9a600c16a83fe5fed5fa529ad8636e1d8098f8ceb4cd7c24a58f530fda1171061a85057b601640
SSDEEP

49152:Uxt/cVH7WBr7iX9fEwpRijCklsRFpFVi2Pvm/U1Je9ZZusth:UxdclM6RAC1RFpji2P+/UqrZu

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 4396	2900	3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4.exe	87
PID 2900 wrote to memory of 4396	2900	3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4.exe	87
PID 2900 wrote to memory of 4396	2900	3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4.exe	87
PID 4396 wrote to memory of 4944	4396	cmd.exe	88
PID 4396 wrote to memory of 4944	4396	cmd.exe	88
PID 4396 wrote to memory of 4944	4396	cmd.exe	88
PID 2900 wrote to memory of 3980	2900	3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4.exe	89
PID 2900 wrote to memory of 3980	2900	3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4.exe	89
PID 2900 wrote to memory of 3980	2900	3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4.exe	89

C:\Users\Admin\AppData\Local\Temp\3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4.exe
"C:\Users\Admin\AppData\Local\Temp\3db886cc215c3425dbeb2ba62e9a1e297f1c6ef7f7e875bce02d2b1e1a180be4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c MODE CON COLS=215 LINES=22
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4396
- - C:\Windows\SysWOW64\mode.com
    MODE CON COLS=215 LINES=22
    3⤵
    PID:4944
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c Color A
  2⤵
  PID:3980