3b07621bf3d247246005738667618d1161134f817208411ea1f769850b769686

Resubmissions

09-05-2023 18:56

09-05-2023 18:53

max time kernel
43s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2023 18:53

Target

87c64b374f44ac558513f3cc2679354e.exe
Size

604KB
MD5

87c64b374f44ac558513f3cc2679354e
SHA1

ca6ecc8a05a4b7240b67f9602694821474630ba0
SHA256

3b07621bf3d247246005738667618d1161134f817208411ea1f769850b769686
SHA512

073271c5b376890e71a1fcefa4706bc8ce312175ab95bc6d726c38aa3fcea4b764a8f391e9a7a98346cc96badbe38a1d43070f549259bb8fb71ed6e7b48dd7a4
SSDEEP

6144:XdVW+PZj6b+HdtH9Wd1yxBMfQesCDeNxAoDwK3bHKsnobns+NOYuR6NN12tjyh07:XXZu+Hdsy7Mfbs3xA83LUnY6NNKjq0XL

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1072	embedded.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4196	1448	WerFault.exe	87

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 3540	4228	87c64b374f44ac558513f3cc2679354e.exe	85
PID 4228 wrote to memory of 3540	4228	87c64b374f44ac558513f3cc2679354e.exe	85
PID 4228 wrote to memory of 3540	4228	87c64b374f44ac558513f3cc2679354e.exe	85
PID 3540 wrote to memory of 1072	3540	cmd.exe	86
PID 3540 wrote to memory of 1072	3540	cmd.exe	86
PID 3540 wrote to memory of 1072	3540	cmd.exe	86
PID 1072 wrote to memory of 1448	1072	embedded.exe	87
PID 1072 wrote to memory of 1448	1072	embedded.exe	87
PID 1072 wrote to memory of 1448	1072	embedded.exe	87
PID 1072 wrote to memory of 1448	1072	embedded.exe	87

C:\Users\Admin\AppData\Local\Temp\87c64b374f44ac558513f3cc2679354e.exe
"C:\Users\Admin\AppData\Local\Temp\87c64b374f44ac558513f3cc2679354e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c embedded.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\embedded.exe
    embedded.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1072
  - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      4⤵
      PID:1448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 408
        5⤵
        Program crash
        
        PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 1448 -ip 1448
1⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\embedded.exe

Filesize
66KB

MD5
140d24af0c2b3a18529df12dfbc5f6de

SHA1
e8db5ad2b7ffede3e41b9c3adb24f3232d764931

SHA256
4eabb1adc035f035e010c0d0d259c683e18193f509946652ed8aa7c5d92b6a92

SHA512
a2ead649f155555ec3e55800494f833d18cea68afe736807ec23b5991242928a0853e451b60894ec8e0abe8c42db341c2237007981f38f0366fd7c6ecafb7415

Download Submit
C:\Users\Admin\AppData\Local\Temp\embedded.exe

Filesize
66KB

MD5
140d24af0c2b3a18529df12dfbc5f6de

SHA1
e8db5ad2b7ffede3e41b9c3adb24f3232d764931

SHA256
4eabb1adc035f035e010c0d0d259c683e18193f509946652ed8aa7c5d92b6a92

SHA512
a2ead649f155555ec3e55800494f833d18cea68afe736807ec23b5991242928a0853e451b60894ec8e0abe8c42db341c2237007981f38f0366fd7c6ecafb7415

Download Submit
memory/1072-138-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4228-139-0x0000000000230000-0x00000000002AC000-memory.dmp

Filesize
496KB

Download