65cb9876eff010e6b9ae1cb159adfcab06ffd1ab736ab3cec4266a89b1d26191

Analysis

max time kernel
145s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 23:16

Target

18c1ae272af6c2531e0010aa65d878b7.exe
Size

656KB
MD5

18c1ae272af6c2531e0010aa65d878b7
SHA1

ff372d2fe6ac2040c8f6ce1d49ae8d53b6f3d065
SHA256

65cb9876eff010e6b9ae1cb159adfcab06ffd1ab736ab3cec4266a89b1d26191
SHA512

9a86d293f67a496c1db4ab705e5bf156b05a0596d33580eccf2c10bb3303262e9c103b85d6603a3bf93bbc86c2ec5e829b941afafb0afa4fefd0bfb947eb4e2b
SSDEEP

12288:5na9/ieRlatDR16XgDVxOENi/uLpU3ehvkQLZ6EDOtcvS38LCJQBtdGs1rBLsJ:5naVkGX8OENifGvkW6NkS3rJQBtUkBgJ

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4884	18c1ae272af6c2531e0010aa65d878b7.tmp

Loads dropped DLL 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 4884	3192	18c1ae272af6c2531e0010aa65d878b7.exe	19
PID 3192 wrote to memory of 4884	3192	18c1ae272af6c2531e0010aa65d878b7.exe	19
PID 3192 wrote to memory of 4884	3192	18c1ae272af6c2531e0010aa65d878b7.exe	19

C:\Users\Admin\AppData\Local\Temp\18c1ae272af6c2531e0010aa65d878b7.exe
"C:\Users\Admin\AppData\Local\Temp\18c1ae272af6c2531e0010aa65d878b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Users\Admin\AppData\Local\Temp\is-62RIU.tmp\18c1ae272af6c2531e0010aa65d878b7.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-62RIU.tmp\18c1ae272af6c2531e0010aa65d878b7.tmp" /SL5="$C01C6,396424,54272,C:\Users\Admin\AppData\Local\Temp\18c1ae272af6c2531e0010aa65d878b7.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4884

memory/3192-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3192-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3192-36-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4884-7-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/4884-17-0x0000000003170000-0x00000000031AC000-memory.dmp

Filesize
240KB

Download
memory/4884-38-0x0000000003170000-0x00000000031AC000-memory.dmp

Filesize
240KB

Download
memory/4884-37-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4884-42-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download