d913a8b769f15f990535d033b50189f04378290cf0c44e58926980eae27459da

Analysis

max time kernel
117s
max time network
125s
platform
windows11-21h2_x64
resource
win11-20231129-en
resource tags

arch:x64arch:x86image:win11-20231129-enlocale:en-usos:windows11-21h2-x64system
submitted
09-12-2023 15:31

Target

addons/clean.exe
Size

169KB
MD5

daa2a95b0075a645e87e780ce42c1dc6
SHA1

43f48f43eb714a9c10c9714c31d02f61b0811169
SHA256

617d17faefdff70a50f49f0d8d00b9d77f422ddb0d8cecd217d3d5e9cf0bf623
SHA512

ea79091f15738bcc41b8bb5d0e85b876d71ee22cb1dbaf8354912c201a793586b779238ab676059d710be0bd58e27f87d51e1c416f40cace0abb16d4ba8e4913
SSDEEP

3072:9/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSFJH8KiHe1Czz1Q:wtzsb5Uh28+V1WW69B9VjMdxPedN9ugT

Score

1^/10

Delays execution with timeout.exe 2 IoCs
evasion

Processes:

timeout.exetimeout.exe

pid process

4292 timeout.exe
5072 timeout.exe

pid	process
4292	timeout.exe
5072	timeout.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

clean.execmd.exe

description	pid	process	target process
PID 2716 wrote to memory of 3544	2716	clean.exe	cmd.exe
PID 2716 wrote to memory of 3544	2716	clean.exe	cmd.exe
PID 3544 wrote to memory of 4152	3544	cmd.exe	chcp.com
PID 3544 wrote to memory of 4152	3544	cmd.exe	chcp.com
PID 3544 wrote to memory of 2208	3544	cmd.exe	cmd.exe
PID 3544 wrote to memory of 2208	3544	cmd.exe	cmd.exe
PID 3544 wrote to memory of 4584	3544	cmd.exe	cmd.exe
PID 3544 wrote to memory of 4584	3544	cmd.exe	cmd.exe
PID 3544 wrote to memory of 2000	3544	cmd.exe	clip.exe
PID 3544 wrote to memory of 2000	3544	cmd.exe	clip.exe
PID 3544 wrote to memory of 4292	3544	cmd.exe	timeout.exe
PID 3544 wrote to memory of 4292	3544	cmd.exe	timeout.exe
PID 3544 wrote to memory of 5072	3544	cmd.exe	timeout.exe
PID 3544 wrote to memory of 5072	3544	cmd.exe	timeout.exe

C:\Users\Admin\AppData\Local\Temp\addons\clean.exe
"C:\Users\Admin\AppData\Local\Temp\addons\clean.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2716

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C0DF.tmp\C0E0.tmp\C0E1.bat C:\Users\Admin\AppData\Local\Temp\addons\clean.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:3544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo "
3⤵
PID:2208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" set/p="K-M-SPOOFER-AQnbcf-FyPriM-vikfY0" "
3⤵
PID:4584

C:\Windows\system32\timeout.exe
timeout 1
3⤵
- Delays execution with timeout.exe
PID:4292

C:\Windows\system32\timeout.exe
timeout 30
3⤵
- Delays execution with timeout.exe
PID:5072

C:\Users\Admin\AppData\Local\Temp\C0DF.tmp\C0E0.tmp\C0E1.bat

Filesize
45KB

MD5
ecdb5c6bba807d3fb6204dbcc37fa220

SHA1
b831f193bc5e9810268d490fe1164833d379ddde

SHA256
c80ea993d241946a08cba8efedccf1cd580bdb0eb8f58e33433256fef1362810

SHA512
ea1548c6798afff06788b9c9b3bbbb91f707708f877a8bf3e95983677dac2339681436a19ffe6b4e4f48e1628774b283b9550ed0b09453a86f6ecfb8f299dca5

Download Submit