c6f6c1f109775f68b9be3920c5c46d0f5ae5b8b45d45c11abaf952b6098039a0

Analysis

max time kernel
155s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 17:26

Target

30c9249824971b80aec6d2458374a09b.exe
Size

879KB
MD5

30c9249824971b80aec6d2458374a09b
SHA1

ba9c7ff0ebd880a0af019aba4948d898821318bd
SHA256

c6f6c1f109775f68b9be3920c5c46d0f5ae5b8b45d45c11abaf952b6098039a0
SHA512

1bcfce1e0ee81393e02f2e80521e48b2d6f22298d49f2fe10d0b7e3d2ab9fe472dcb7e19007d029d5d11c06535f3ce48ac402f00bad813b4124ffb7011bf2afd
SSDEEP

12288:aKoLScJXjvekjHRUhZFhcc1MNQpkzdsd7mWArXlQ02qTSS0+Y0Ut855u1e+cO:ENDfHR0NnUQ2moQc2S0+YJV9

Score

1^/10

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2124	30c9249824971b80aec6d2458374a09b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2592	2124	30c9249824971b80aec6d2458374a09b.exe	90
PID 2124 wrote to memory of 2592	2124	30c9249824971b80aec6d2458374a09b.exe	90
PID 2124 wrote to memory of 2592	2124	30c9249824971b80aec6d2458374a09b.exe	90

C:\Users\Admin\AppData\Local\Temp\30c9249824971b80aec6d2458374a09b.exe
"C:\Users\Admin\AppData\Local\Temp\30c9249824971b80aec6d2458374a09b.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\30c9249824971b80aec6d2458374a09b.exe
  "C:\Users\Admin\AppData\Local\Temp\30c9249824971b80aec6d2458374a09b.exe"
  2⤵
  PID:2592

memory/2124-1-0x0000000000E70000-0x0000000000F70000-memory.dmp

Filesize
1024KB

Download
memory/2124-2-0x0000000001680000-0x0000000001682000-memory.dmp

Filesize
8KB

Download