39fb37d73fcd8c613b0a42b4ef8b0823b6300943357c04456064852424015f0e

Analysis

max time kernel
110s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
13-12-2023 16:35

Target

06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe
Size

6.9MB
MD5

23969a4ef90b4c3acf54150097f6b1b9
SHA1

1c85bff30b3c4f822ac33c48442fdc2f51cd5645
SHA256

06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280
SHA512

c970ee4541af0d8a11c179250ebdb74913b9775f34fe860e3f3840a7b579dcf7ee09aa8cacbc4cb491ad5ec0fb44bf265d9b611b841b5ca21fc04c069b3d1f63
SSDEEP

49152:a92mic7iMnbPvRUAm+ugRkqjR7Q8TOc5KubExvCsNGEgveIXB4Iu9NT/IeswF69G:/mP7i+Rf0es5u29NTAcSE8HIX

Score

7^/10

Drops startup file 2 IoCs

Processes:

cmd.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	cmd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	cmd.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe

description	pid	process	target process
PID 3460 wrote to memory of 4520	3460	06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe	cmd.exe
PID 3460 wrote to memory of 4520	3460	06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe	cmd.exe
PID 3460 wrote to memory of 4520	3460	06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe
"C:\Users\Admin\AppData\Local\Temp\06ca26d431a929cfd719458da758b7ac404b5865ae720e9ed2b4b3a9f0187280.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3460

C:\Windows\SysWOW64\cmd.exe
cmd /Q /C C:\Users\Admin\AppData\Local\Temp/s.bat
2⤵
- Drops startup file
PID:4520

C:\Users\Admin\AppData\Local\Temp\s.bat
Filesize
323B

MD5
2d4d597e3ccc747887f77f9c73888a67

SHA1
b1c837d274fa0c789490f1e14d68de695b95254a

SHA256
f54cd610db2c92f85a651129e2d581743abd9362ef87674b494ddf157105af97

SHA512
e36ef6db374ccbf7a448c8afeb09108a1a89a995235f33034c661153e34855980e63530db732e4b63d46ab50586f6b243781ff184895921e931f3696c0a655cb

Download Submit
memory/3460-0-0x0000000000400000-0x0000000000AE4000-memory.dmp

Filesize
6.9MB

Download
memory/3460-6-0x0000000000400000-0x0000000000AE4000-memory.dmp

Filesize
6.9MB

Download