9ab49d93166d430514b0aaf6dda3fdc6b37e2fe1d0df8ecc04403cd2be40e78b

Analysis

max time kernel
155s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 01:29

Target

Git-2.29.2.2-64-bit.exe
Size

46.3MB
MD5

77b453522525550cc43e9ac84706df8b
SHA1

a3d2e40b95113d45de8977c54a790a948cce879b
SHA256

9ab49d93166d430514b0aaf6dda3fdc6b37e2fe1d0df8ecc04403cd2be40e78b
SHA512

da4445567e477a6bcd967a881de373577110df3d78afb07c2d1577ec9f58317817eccd4f3aa3578f3bbe8171f11edbd0564d3f6962ca86bcd06827f8dbb784f8
SSDEEP

786432:5lbkYkIYrV3U5UGp9AJ37aYmWllU8B1CoYUHbB5i6feNDip4wEJ7RMfL41yOjuu:5NkYkIYrV3U5UGXwG4UO1SUHbB81OWwO

Score

4^/10

Executes dropped EXE 1 IoCs

pid	Process
2904	Git-2.29.2.2-64-bit.tmp

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 2904	4848	Git-2.29.2.2-64-bit.exe	86
PID 4848 wrote to memory of 2904	4848	Git-2.29.2.2-64-bit.exe	86
PID 4848 wrote to memory of 2904	4848	Git-2.29.2.2-64-bit.exe	86
PID 2904 wrote to memory of 2260	2904	Git-2.29.2.2-64-bit.tmp	89
PID 2904 wrote to memory of 2260	2904	Git-2.29.2.2-64-bit.tmp	89
PID 2904 wrote to memory of 3232	2904	Git-2.29.2.2-64-bit.tmp	91
PID 2904 wrote to memory of 3232	2904	Git-2.29.2.2-64-bit.tmp	91
PID 2904 wrote to memory of 1012	2904	Git-2.29.2.2-64-bit.tmp	93
PID 2904 wrote to memory of 1012	2904	Git-2.29.2.2-64-bit.tmp	93
PID 1012 wrote to memory of 2408	1012	cmd.exe	95
PID 1012 wrote to memory of 2408	1012	cmd.exe	95
PID 2408 wrote to memory of 1152	2408	net.exe	96
PID 2408 wrote to memory of 1152	2408	net.exe	96

C:\Users\Admin\AppData\Local\Temp\Git-2.29.2.2-64-bit.exe
"C:\Users\Admin\AppData\Local\Temp\Git-2.29.2.2-64-bit.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Users\Admin\AppData\Local\Temp\is-MTJ2E.tmp\Git-2.29.2.2-64-bit.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-MTJ2E.tmp\Git-2.29.2.2-64-bit.tmp" /SL5="$F01CA,47876635,224256,C:\Users\Admin\AppData\Local\Temp\Git-2.29.2.2-64-bit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe" /D /C .\mingw64\bin\git.exe config -l -z -f "C:\ProgramData\Git\config" >"C:\Users\Admin\AppData\Local\Temp\is-7MK4B.tmp\git-config-get.txt"
    3⤵
    PID:2260
- - C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe" /D /C .\mingw64\bin\git.exe config -l -z --system >"C:\Users\Admin\AppData\Local\Temp\is-7MK4B.tmp\git-config-get.txt"
    3⤵
    PID:3232
- - C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe" /d /c net session >"C:\Users\Admin\AppData\Local\Temp\is-7MK4B.tmp\net-session.txt"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1012
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2408
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:1152

C:\Users\Admin\AppData\Local\Temp\is-MTJ2E.tmp\Git-2.29.2.2-64-bit.tmp

Filesize
1.2MB

MD5
3757d938b40a82c414246df2cd96b6a1

SHA1
7f0ca5572e2fe1608d540022ef97e32818ecb359

SHA256
45160b5d1a8dbc8734926b36fe36b7036d9fe1341e199f91b10441d73ff747b6

SHA512
b593c8f420fd25ec280b014383fc78e1e376e1b578609e9b02c7187fc96bc02af39bd9ccc21cc92fbec9c33deb13446a462df76533493af051abd67e24a31253

Download Submit
memory/2904-7-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/2904-11-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/2904-12-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/2904-15-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/4848-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4848-2-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4848-8-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4848-10-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download