138d95098ef622ac31bd06d6af23f4efedb8ff58efc3109884e2fac3e4fb6f15

Resubmissions

22/05/2023, 09:15

22/05/2023, 09:10

max time kernel
87s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2023, 09:15

Target

lib.exe
Size

103.3MB
MD5

a6140a39e521381f195e299efdb69a6c
SHA1

78561f13bb18fa29777119db310168a61a7f3010
SHA256

138d95098ef622ac31bd06d6af23f4efedb8ff58efc3109884e2fac3e4fb6f15
SHA512

6115cd7c5aa684903fc694849f3786eb0ced384925f66d6a03f157f330e667837002cdaea7178424c18ed5899f1a3ad0ee43d45d5729c79a713d08a23be13ef2
SSDEEP

786432:d0LoCOn+2gs4urYDNulLBiuPeoXgoK2YOFxd9C+NaRm8oJk54NDKxhJODsWXBFHL:dMoCm/gXwsR6Z

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 3620	1772	lib.exe	87
PID 1772 wrote to memory of 3620	1772	lib.exe	87
PID 3620 wrote to memory of 112	3620	cmd.exe	88
PID 3620 wrote to memory of 112	3620	cmd.exe	88

C:\Users\Admin\AppData\Local\Temp\lib.exe
"C:\Users\Admin\AppData\Local\Temp\lib.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\lib.exe C:\snapshot\package v/index2.js"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3620
- - C:\Users\Admin\AppData\Local\Temp\lib.exe
    C:\Users\Admin\AppData\Local\Temp\lib.exe C:\snapshot\package v/index2.js
    3⤵
    PID:112