Analysis

max time kernel: 58s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20230621-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-06-2023 01:39

Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 799fc9f4ea57a15619f8fd9ddf758950.exe
Resource: win7-20230621-en
Platform: windows7-x64
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 799fc9f4ea57a15619f8fd9ddf758950.exe
Resource: win10v2004-20230621-en
Platform: windows10-2004-x64
1 signatures
150 seconds
General

Target: 799fc9f4ea57a15619f8fd9ddf758950.exe
Size: 703KB
MD5: 799fc9f4ea57a15619f8fd9ddf758950
SHA1: b44d2bdb442811c4b4894ea4cb81a6d3a7999670
SHA256: a4a5d231bbf2655f226459365ddc995ed0c1f223ec1f52d5807c8c1d167e98cb
SHA512: 1ad285fb602d88fc7e250a107618ab604b609797549d51d79ec9f538c1b971fc926ce8beee2f2029f1b7d98a6bf99ca1f729a6d5e05b45bf145e498b5b8746f9
SSDEEP: 6144:5UPAUV624Zk+nC+f8Z7DgMvVXYNlV8F/2/6utZeiXhOy8oMmkCOutH5BysohXowm:5mV620nN8ZoAutZeiXhOBuOaBToG4ZY
Score: 1/10
Malware Config

Signatures

Suspicious use of WriteProcessMemory (24 IoCs)

description                           pid    Process                                 procid_target
PID 2128 wrote to memory of 3760      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    85
PID 2128 wrote to memory of 3760      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    85
PID 2128 wrote to memory of 2044      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    86
PID 2128 wrote to memory of 2044      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    86
PID 2128 wrote to memory of 1896      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    87
PID 2128 wrote to memory of 1896      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    87
PID 2128 wrote to memory of 1476      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    88
PID 2128 wrote to memory of 1476      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    88
PID 2128 wrote to memory of 4952      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    89
PID 2128 wrote to memory of 4952      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    89
PID 2128 wrote to memory of 1688      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    90
PID 2128 wrote to memory of 1688      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    90
PID 2128 wrote to memory of 3788      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    91
PID 2128 wrote to memory of 3788      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    91
PID 2128 wrote to memory of 3892      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    92
PID 2128 wrote to memory of 3892      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    92
PID 2128 wrote to memory of 4872      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    93
PID 2128 wrote to memory of 4872      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    93
PID 2128 wrote to memory of 3972      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    94
PID 2128 wrote to memory of 3972      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    94
PID 2128 wrote to memory of 344       2128   799fc9f4ea57a15619f8fd9ddf758950.exe    95
PID 2128 wrote to memory of 344       2128   799fc9f4ea57a15619f8fd9ddf758950.exe    95
PID 2128 wrote to memory of 2264      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    96
PID 2128 wrote to memory of 2264      2128   799fc9f4ea57a15619f8fd9ddf758950.exe    96
Processes

C:\Users\Admin\AppData\Local\Temp\799fc9f4ea57a15619f8fd9ddf758950.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\799fc9f4ea57a15619f8fd9ddf758950.exe"
  Signatures: Suspicious use of WriteProcessMemory
  PID: 2128

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c title Windows Activation Fix
      PID: 3760

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c color 0b
      PID: 2044

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo.
      PID: 1896

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo This tool will fix your Windows Activation
      PID: 1476

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo.
      PID: 4952

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo.
      PID: 1688

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo.
      PID: 3788

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo Made by skidaim#0607
      PID: 3892

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo.
      PID: 4872

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo.
      PID: 3972

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo.
      PID: 344

    C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c pause
      PID: 2264