7071641335efe810aa5dad32abd68aed723c2628e42dab79e1844d96a2b572db

Analysis

max time kernel
184s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:04

Target

012eabde701879b57247b5984bdd2781.exe
Size

12KB
MD5

012eabde701879b57247b5984bdd2781
SHA1

28fa5c94f64a5cb831aac9952a32fcc8b428a28d
SHA256

7071641335efe810aa5dad32abd68aed723c2628e42dab79e1844d96a2b572db
SHA512

5bf42a5bd34f415cc50142c4d16d84a41a44329bfa418a64bd094b02254dfd3dffe0568a2af8819b80158946b25f5f34fd5be2fe9007685d2e693aef61898fe8
SSDEEP

384:y3jPR/Kn4nmzBa/lCx63LNp6BWjh3ewlqM4bLY:y3LAhe667Np6iEY

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3260	A.PIF

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1516	012eabde701879b57247b5984bdd2781.exe
1516	012eabde701879b57247b5984bdd2781.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 3260	1516	012eabde701879b57247b5984bdd2781.exe	92
PID 1516 wrote to memory of 3260	1516	012eabde701879b57247b5984bdd2781.exe	92
PID 1516 wrote to memory of 3260	1516	012eabde701879b57247b5984bdd2781.exe	92
PID 1516 wrote to memory of 1484	1516	012eabde701879b57247b5984bdd2781.exe	94
PID 1516 wrote to memory of 1484	1516	012eabde701879b57247b5984bdd2781.exe	94
PID 1516 wrote to memory of 1484	1516	012eabde701879b57247b5984bdd2781.exe	94

C:\Users\Admin\AppData\Local\Temp\012eabde701879b57247b5984bdd2781.exe
"C:\Users\Admin\AppData\Local\Temp\012eabde701879b57247b5984bdd2781.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Users\Admin\AppData\Local\Temp\A.PIF
  A.PIF
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\012eabde701879b57247b5984bdd2781.exe"
  2⤵
  PID:1484

C:\Users\Admin\AppData\Local\Temp\A.PIF

Filesize
6KB

MD5
dd1e2fbe39ddbaf23be42dc6f7d1aec0

SHA1
4245786ba2608653302e5c5ff03a05a6e37ee892

SHA256
86523f249723ca6989aaa606536a78d3513ba371915ed20e0599f6c9d92eee8e

SHA512
0858eb0a86a1a2583839b0152c72d2f338bb03650ea8824918bdc52a0376fcce2faa37dd213e5334519ae5c1b9f5fae58ff3d3fb0880f1c95f12884c6374a23c

Download Submit