86bb4ba05ac11a1f5f5b4e7797315959cb03ae359b322a741f34f19ea3a9f69a

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 16:35

Target

f3fc9bc847d5c0871a182c4a1b51442a.exe
Size

79KB
MD5

f3fc9bc847d5c0871a182c4a1b51442a
SHA1

59c26ae665e9d54a79ac89ea65c4c145dcef8e12
SHA256

86bb4ba05ac11a1f5f5b4e7797315959cb03ae359b322a741f34f19ea3a9f69a
SHA512

b4f942f8701f2a1d5a51e717fab40dbfe591b2ac5e5c2ae1d41dd9dd8aa0b3578380066a5f5aa4b7fffffdfa9270e1dd629aa63ed717f8e3c153ddadf39828f9
SSDEEP

1536:zv5PPPfN3iPxd5wsxOOQA8AkqUhMb2nuy5wgIP0CSJ+5yKB8GMGlZ5G:zv5PPPl3qvpGdqU7uy5w9WMyKN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4476	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1744	1952	f3fc9bc847d5c0871a182c4a1b51442a.exe	91
PID 1952 wrote to memory of 1744	1952	f3fc9bc847d5c0871a182c4a1b51442a.exe	91
PID 1952 wrote to memory of 1744	1952	f3fc9bc847d5c0871a182c4a1b51442a.exe	91
PID 1744 wrote to memory of 4476	1744	cmd.exe	92
PID 1744 wrote to memory of 4476	1744	cmd.exe	92
PID 1744 wrote to memory of 4476	1744	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\f3fc9bc847d5c0871a182c4a1b51442a.exe
"C:\Users\Admin\AppData\Local\Temp\f3fc9bc847d5c0871a182c4a1b51442a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4476

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f761c944648e6fd94cf839b2994acc1b

SHA1
b8ecbce501294e81c20173b340b28a9753b58685

SHA256
fd82eea520b063eca7dcaf7b7b9f07d8ffbc702f0345b76c632739b0dbeb2a74

SHA512
49519c82e50b430c2a209122eebbb01dd2af735950b217aa6f29d2b7c4f72ea4d3cb0eb0b02c6cb66147d74514d1d1bb418cc6a6f5946b5233a972e46b357c52

Download Submit
memory/1952-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4476-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download