77c4952c431e6392116929be4ba17176a1612d36413b8b50e4e28545ebffd9e7

Analysis

max time kernel
82s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2023 15:20

Target

steam (1).exe
Size

689KB
MD5

e3efd8829159fe62b160aea5e812e27b
SHA1

76c1b1e1fcc683d98c547848ce4ddff971a2e515
SHA256

77c4952c431e6392116929be4ba17176a1612d36413b8b50e4e28545ebffd9e7
SHA512

d8ba123135424640376c34bb357e750246a011f28eddec64da4a314a300bde8d045f5f24e1b632a71e7596aa65dceb53dc3692a393d8411a749df8db5de704ab
SSDEEP

12288:eU4+tUBks/Ol/GdUsvAvLdxloVaZZe9onBELzsunph0lhSMXlCEl3mObTW:34+CkeOljsvAvLdjoVwZRW/h0lhSMXlc

Score

1^/10

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 3008	1208	steam (1).exe	81
PID 1208 wrote to memory of 3008	1208	steam (1).exe	81
PID 1208 wrote to memory of 3008	1208	steam (1).exe	81

C:\Users\Admin\AppData\Local\Temp\steam (1).exe
"C:\Users\Admin\AppData\Local\Temp\steam (1).exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c title Steam
  2⤵
  PID:3008