ba0bfb8a877f1e1e44478859652ffb21fd7d735f6cd60522c2c6c44935ae50e8

Analysis

max time kernel
159s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2023, 12:04

Target

MBAMAnti-Exploit.exe
Size

1.8MB
MD5

5d0ab623841886a87aa91624ba9ebe8c
SHA1

80dd072858f264b64886b127b4c29528416f7907
SHA256

ba0bfb8a877f1e1e44478859652ffb21fd7d735f6cd60522c2c6c44935ae50e8
SHA512

872798e928a9942e1cdfd5cf1784b9e17afbf4ce48cfd56fd666bbb6650155b4a1ae4fe4010130d6c22ad54fdef9cafb529411dd6bc9e09189b688d0ce594f13
SSDEEP

24576:bQirYktyyktq4N+Lr+jXEYlYCH4NXfbgynPmEXmASclQjJheoXMRQ40n2whI/G6Y:b9jkFN+LOXEYljH4lzzmE2eGAt0/yu6Y

Score

4^/10

Executes dropped EXE 1 IoCs

pid	Process
4668	MBAMAnti-Exploit.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 4668	3428	MBAMAnti-Exploit.exe	82
PID 3428 wrote to memory of 4668	3428	MBAMAnti-Exploit.exe	82
PID 3428 wrote to memory of 4668	3428	MBAMAnti-Exploit.exe	82

C:\Users\Admin\AppData\Local\Temp\MBAMAnti-Exploit.exe
"C:\Users\Admin\AppData\Local\Temp\MBAMAnti-Exploit.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Users\Admin\AppData\Local\Temp\is-UAMVM.tmp\MBAMAnti-Exploit.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-UAMVM.tmp\MBAMAnti-Exploit.tmp" /SL5="$80066,1610809,56832,C:\Users\Admin\AppData\Local\Temp\MBAMAnti-Exploit.exe"
  2⤵
  - Executes dropped EXE
  PID:4668

C:\Users\Admin\AppData\Local\Temp\is-UAMVM.tmp\MBAMAnti-Exploit.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UAMVM.tmp\MBAMAnti-Exploit.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
memory/3428-133-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3428-144-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4668-139-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4668-145-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4668-146-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download