84230a9a5a6ed08e6247f66f234ffdd1701c7794b43714a5d4f72474b6b406a0

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2023 06:11

Target

84230a9a5a6ed08e6247f66f234ffdd1701c7794b43714a5d4f72474b6b406a0.exe
Size

588KB
MD5

20f979c53427625891c177d35fa57b7a
SHA1

cffb95072cf3f6b7b7a1f83bf6a5740f1987d57c
SHA256

84230a9a5a6ed08e6247f66f234ffdd1701c7794b43714a5d4f72474b6b406a0
SHA512

76ed80ceed1c65a0e99eaae38eebdc9f566caa16290a8d2d588732b394494ba6a1760f24b8f13a264d61739637f35f72d75db4353a262b47d8795f6819c35935
SSDEEP

6144:M9l4W/pvV3VNNDGbpjTvAXuvO+bJqVG5d1IpMyibgkTZI6jHID90arBXHH/u6GUv:M9l4MVgTYob3d6tevox7BX/u6Gm

Score

1^/10

Modifies registry class 1 IoCs

Processes:

calc.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000_Classes\Local Settings calc.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

2840 OpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000_Classes\Local Settings	calc.exe

pid	process
2840	OpenWith.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

84230a9a5a6ed08e6247f66f234ffdd1701c7794b43714a5d4f72474b6b406a0.execmd.exe

description	pid	process	target process
PID 4852 wrote to memory of 1652	4852	84230a9a5a6ed08e6247f66f234ffdd1701c7794b43714a5d4f72474b6b406a0.exe	cmd.exe
PID 4852 wrote to memory of 1652	4852	84230a9a5a6ed08e6247f66f234ffdd1701c7794b43714a5d4f72474b6b406a0.exe	cmd.exe
PID 1652 wrote to memory of 4404	1652	cmd.exe	calc.exe
PID 1652 wrote to memory of 4404	1652	cmd.exe	calc.exe

C:\Users\Admin\AppData\Local\Temp\84230a9a5a6ed08e6247f66f234ffdd1701c7794b43714a5d4f72474b6b406a0.exe
"C:\Users\Admin\AppData\Local\Temp\84230a9a5a6ed08e6247f66f234ffdd1701c7794b43714a5d4f72474b6b406a0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Windows\system32\cmd.exe
  "cmd" /C calc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2840

memory/4852-0-0x000001A38E910000-0x000001A38E951000-memory.dmp

Filesize
260KB

Download