6b1925a4e46c0ee657567aac483e6193bf1b7a64bde80a853e5af606087baf70

Analysis

max time kernel
170s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 04:55

Target

065cb3f73eced424e2fb65ddf27d8f6c.exe
Size

482KB
MD5

065cb3f73eced424e2fb65ddf27d8f6c
SHA1

f9f107e2a85b022137a47086f1281b74609cfbc2
SHA256

6b1925a4e46c0ee657567aac483e6193bf1b7a64bde80a853e5af606087baf70
SHA512

18204253e6c8eb1298e6328f39ff2b13c0ed3f5187e7760542acf42c03dee46bbe29c9aa6d64645fdf730f6381b5e6153a6e73acb681abe279f79592c522f072
SSDEEP

12288:nTVv/uRJTCYuDWv+21xJAwAZ35xaGFujjnt59KwfUCr9W+qP9zuMRwNFoTl:nT1uTTCJDwZ+SbHnt59Kwfhr9czXwNF8

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1720	@CD52.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 1720	3120	065cb3f73eced424e2fb65ddf27d8f6c.exe	88
PID 3120 wrote to memory of 1720	3120	065cb3f73eced424e2fb65ddf27d8f6c.exe	88
PID 3120 wrote to memory of 1720	3120	065cb3f73eced424e2fb65ddf27d8f6c.exe	88

C:\Users\Admin\AppData\Local\Temp\065cb3f73eced424e2fb65ddf27d8f6c.exe
"C:\Users\Admin\AppData\Local\Temp\065cb3f73eced424e2fb65ddf27d8f6c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Users\Admin\AppData\Local\Temp\@CD52.tmp
  "C:\Users\Admin\AppData\Local\Temp\@CD52.tmp" "C:\Users\Admin\AppData\Local\Temp\065cb3f73eced424e2fb65ddf27d8f6c.exe"
  2⤵
  - Executes dropped EXE
  PID:1720

C:\Users\Admin\AppData\Local\Temp\@CD52.tmp

Filesize
80KB

MD5
bd9dbc2637ff5b3a16bf55aada67abce

SHA1
bd93f5537871e47163e963051653b6fe6df1a5b7

SHA256
cd37c099746575e6929c15416bf4be16337e4d3f3f4cf305bd7d204f5834f9b5

SHA512
56967a039cdb10ed14b44ee140d540ec7a3641e2646517300d279f04c8f179988f81fb8faaff781d9ebe9261f693e8e9a7426576dc8eaf450c68415d05466a2d

Download Submit