3b89a68a0f863af072f612f44bbde6e151467ffdf779180bca79ec46d08ed8f1

Analysis

max time kernel
139s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:41

Target

05ebf3149299626a01e3cc1986bb47e2.exe
Size

1.9MB
MD5

05ebf3149299626a01e3cc1986bb47e2
SHA1

bd91fd7a2ead0e109e3c7c8efda7a54e9bcfa4c0
SHA256

3b89a68a0f863af072f612f44bbde6e151467ffdf779180bca79ec46d08ed8f1
SHA512

c31a49a2ec2c4a6539bf0d35c8056127a5329935fdcb8fade60605722506d34df73ffdc214208ef5a6780736a5a5456306f42bb5ffc3ffde1da92b8d787d8e6e
SSDEEP

24576:N2oo60HPdt+1CRiY2eOBvcj3u10dwolaHKlzrZR1uL0Om71o2peev67fzuCuNFVv:Qoa1taC070dwolaH+uL0s0tC7L0/QpG

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3400	519A.tmp

Executes dropped EXE 1 IoCs

pid	Process
3400	519A.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 3400	1528	05ebf3149299626a01e3cc1986bb47e2.exe	35
PID 1528 wrote to memory of 3400	1528	05ebf3149299626a01e3cc1986bb47e2.exe	35
PID 1528 wrote to memory of 3400	1528	05ebf3149299626a01e3cc1986bb47e2.exe	35

C:\Users\Admin\AppData\Local\Temp\05ebf3149299626a01e3cc1986bb47e2.exe
"C:\Users\Admin\AppData\Local\Temp\05ebf3149299626a01e3cc1986bb47e2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Users\Admin\AppData\Local\Temp\519A.tmp
  "C:\Users\Admin\AppData\Local\Temp\519A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\05ebf3149299626a01e3cc1986bb47e2.exe E97621D47A6DE302D0F58F4542687C8941A9D14C7F15DF9A8FFC49EC8515EBDAD698EA2438E0D310CCEC585263F92B5260AC6168B5C50E3ED3D57C06E1C19945
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:3400

memory/1528-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/3400-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download