4f468e96f51fe28f4dddd6359d2cd640bbca4f18e2dc7efd6469571fbc44f4a9

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:46

Target

22de04c3abd461f9a5018dbbd8452b7f.exe
Size

58KB
MD5

22de04c3abd461f9a5018dbbd8452b7f
SHA1

bed8cf6a25a359167afc5a3f534dea11297ed3e7
SHA256

4f468e96f51fe28f4dddd6359d2cd640bbca4f18e2dc7efd6469571fbc44f4a9
SHA512

e9f16a5760d5e9f9caa5e7225a5197d8d36c7aceb7779d3f3d59fea8b3126f146b75db8e8629970cb73b1dec3d0882bb28fbb3a7e6f74c26956c649cfcca2f33
SSDEEP

1536:exmMyMWO0SECmkDx2yAMXp1ymhPoTpeisICqdPO:POZHmuxMMXp1ymhQMisICq

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2448	1972	22de04c3abd461f9a5018dbbd8452b7f.exe	26
PID 1972 wrote to memory of 2448	1972	22de04c3abd461f9a5018dbbd8452b7f.exe	26
PID 1972 wrote to memory of 2448	1972	22de04c3abd461f9a5018dbbd8452b7f.exe	26
PID 1972 wrote to memory of 2448	1972	22de04c3abd461f9a5018dbbd8452b7f.exe	26

C:\Users\Admin\AppData\Local\Temp\22de04c3abd461f9a5018dbbd8452b7f.exe
"C:\Users\Admin\AppData\Local\Temp\22de04c3abd461f9a5018dbbd8452b7f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\3FCE.tmp\DisableNotesSSO.bat""
  2⤵
  PID:2448

C:\Users\Admin\AppData\Local\Temp\3FCE.tmp\DisableNotesSSO.bat

Filesize
1KB

MD5
e2f2db0ff1d051c401f2710c4caa2d07

SHA1
2b91a4782a2e70fa024ad06d3cd5f19ad817a3cf

SHA256
deaae65ce479366b091d271dad203d3200176de2c741655094ac65517ffa6637

SHA512
572e311b5b48db5582c5aa5addfa3a59a62115e9c1d8368e1dd7fee346e2b8eeae7efc16508a38ec53871143f8f8630051a4054a5c08e3bb1375a0147f364632

Download Submit
memory/1972-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1972-9-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download