52e7ac11eb76e5226418a35a2733c58a746b1e007a66d7f5b5a3977136bd6daf

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 15:19

Target

786f38085171917a33d6f9f47c84182d.exe
Size

3.1MB
MD5

786f38085171917a33d6f9f47c84182d
SHA1

3982f207cb58103c83179a637198d37370ca13a8
SHA256

52e7ac11eb76e5226418a35a2733c58a746b1e007a66d7f5b5a3977136bd6daf
SHA512

5623306f9fe78810af2ea3fb2aafeae0f7706242622887e99ce382bafac10c63f303b5ecf3b876e3355cf09357d5b59666826d242bdc2ba4d89d0c174637b55b
SSDEEP

98304:5mSWOiIyU7BdTxs73XNfJVLUjH5oxFbxx:5XhXT639RVUjZEdx

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1384	58DE.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 1384	3444	786f38085171917a33d6f9f47c84182d.exe	24
PID 3444 wrote to memory of 1384	3444	786f38085171917a33d6f9f47c84182d.exe	24
PID 3444 wrote to memory of 1384	3444	786f38085171917a33d6f9f47c84182d.exe	24

C:\Users\Admin\AppData\Local\Temp\786f38085171917a33d6f9f47c84182d.exe
"C:\Users\Admin\AppData\Local\Temp\786f38085171917a33d6f9f47c84182d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Users\Admin\AppData\Local\Temp\58DE.tmp
  "C:\Users\Admin\AppData\Local\Temp\58DE.tmp" --splashC:\Users\Admin\AppData\Local\Temp\786f38085171917a33d6f9f47c84182d.exe ACB1BD62A6B85103E7A316D0D5B17B2D2368C60E3C3D21AD94A35CB5FC1D3A1ABDFD8F4409F3A95E6355A0AFF32EEAE98490DF06A39D04597AC50229EE1339F4
  2⤵
  - Executes dropped EXE
  PID:1384

memory/1384-5-0x0000000000400000-0x000000000071F000-memory.dmp

Filesize
3.1MB

Download
memory/3444-0-0x0000000000400000-0x000000000071F000-memory.dmp

Filesize
3.1MB

Download