a23a9ae69ffed5ed696bce13610faf31288e75c65f7fc797699d72714bd5428a

Analysis

max time kernel
120s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 22:56

Target

0647da3a338f90ba50af253a6de65e64.exe
Size

5KB
MD5

0647da3a338f90ba50af253a6de65e64
SHA1

0ab62eac67cdde24b79902d2b6907c383c38692e
SHA256

a23a9ae69ffed5ed696bce13610faf31288e75c65f7fc797699d72714bd5428a
SHA512

39a1c8d76c50ab333c019bbbfff854d295c1a6f0a6ed73e98945fca6ddc625982867e9aa47a7737c82556803f69bdf817b24f8d127bc132d4ec8bcbb1c571e99
SSDEEP

96:NAehBa29Eypf20V8anuKsRiWLvtj6GnDP2EU00hv0zNB6:+ePaOEk2w8anuxQIDoKzNA

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2760	cmd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2760	2648	0647da3a338f90ba50af253a6de65e64.exe	28
PID 2648 wrote to memory of 2760	2648	0647da3a338f90ba50af253a6de65e64.exe	28
PID 2648 wrote to memory of 2760	2648	0647da3a338f90ba50af253a6de65e64.exe	28
PID 2648 wrote to memory of 2760	2648	0647da3a338f90ba50af253a6de65e64.exe	28

C:\Users\Admin\AppData\Local\Temp\0647da3a338f90ba50af253a6de65e64.exe
"C:\Users\Admin\AppData\Local\Temp\0647da3a338f90ba50af253a6de65e64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\0647da3a338f90ba50af253a6de65e64.exe"
  2⤵
  - Deletes itself
  PID:2760