655bb2fced74fcf8ad0f486ecf14a3b5e940fcf414a4b22e33fe9db67f734799

Analysis

max time kernel
121s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2023 04:43

Target

webloader.exe
Size

544KB
MD5

9ad56b40879867ace2dd0f0c5be9a78d
SHA1

fc30b5937763ea6582c6b73a8d9911f90c4b04bc
SHA256

655bb2fced74fcf8ad0f486ecf14a3b5e940fcf414a4b22e33fe9db67f734799
SHA512

baaaf8d0485c57894db863b4a9a3deb1c350a3d7a17ef33a07b4b4c64e7c2be869cabc4ac92f156966cf1a42aede35c5bf3c409b2b80f0737b5a79b9f3a167df
SSDEEP

6144:qO4lZrHnBemASTmhAIwfl+NZuAgSh8S4MxwE8R+zeWdU2G1T9JCWBj46NnhJAYS7:IoMflxkf5oEVdU2WTiWBc6NhmomTm1

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2108	2100	webloader.exe	88
PID 2100 wrote to memory of 2108	2100	webloader.exe	88
PID 2108 wrote to memory of 4360	2108	cmd.exe	89
PID 2108 wrote to memory of 4360	2108	cmd.exe	89
PID 2108 wrote to memory of 2808	2108	cmd.exe	90
PID 2108 wrote to memory of 2808	2108	cmd.exe	90
PID 2108 wrote to memory of 4984	2108	cmd.exe	91
PID 2108 wrote to memory of 4984	2108	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\webloader.exe
"C:\Users\Admin\AppData\Local\Temp\webloader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\webloader.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\webloader.exe" MD5
    3⤵
    PID:4360
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:2808
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:4984