a659b12b3702908176e925fa920e42ff67435a60e025a608b52acd81f44e6f1e

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 21:53

Target

04e96a27c8ae98f43ec0d31cb06ee44b.exe
Size

485KB
MD5

04e96a27c8ae98f43ec0d31cb06ee44b
SHA1

b5c0777f701fe128f66ceccdc8b532703f34625c
SHA256

a659b12b3702908176e925fa920e42ff67435a60e025a608b52acd81f44e6f1e
SHA512

046b4582e9b6da839c035b3cc0deae34e57aff2b13207cfa6e5d8f68efe071f21104d4c7e75693604d55d0c17923724d9e0b517814ccc75d67090b9ad050a8aa
SSDEEP

6144:rSH+MbiH2r0uS11MMvEV9SlVwGP2b/xVz8I+1FudBFNc+186DClQ:rc+Mbip1BEV9o/2DuFyFNcWLDkQ

Score

1^/10

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1720	04e96a27c8ae98f43ec0d31cb06ee44b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 3660	1720	04e96a27c8ae98f43ec0d31cb06ee44b.exe	90
PID 1720 wrote to memory of 3660	1720	04e96a27c8ae98f43ec0d31cb06ee44b.exe	90
PID 1720 wrote to memory of 3660	1720	04e96a27c8ae98f43ec0d31cb06ee44b.exe	90

C:\Users\Admin\AppData\Local\Temp\04e96a27c8ae98f43ec0d31cb06ee44b.exe
"C:\Users\Admin\AppData\Local\Temp\04e96a27c8ae98f43ec0d31cb06ee44b.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\04e96a27c8ae98f43ec0d31cb06ee44b.exe
  "C:\Users\Admin\AppData\Local\Temp\04e96a27c8ae98f43ec0d31cb06ee44b.exe"
  2⤵
  PID:3660

memory/1720-0-0x0000000000930000-0x000000000097B000-memory.dmp

Filesize
300KB

Download
memory/1720-1-0x0000000001440000-0x0000000001442000-memory.dmp

Filesize
8KB

Download
memory/1720-2-0x0000000000930000-0x000000000097B000-memory.dmp

Filesize
300KB

Download