d381256b195622941860c50e127a171c6053ec80a4abb0b3a0965b1fa8b9340a

Analysis

max time kernel
148s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:15

Target

016c353f2af9ec1ee5889bc57e800984.exe
Size

7.1MB
MD5

016c353f2af9ec1ee5889bc57e800984
SHA1

65d695dd4a43bddc9f1fc17fdd9ec89636e02449
SHA256

d381256b195622941860c50e127a171c6053ec80a4abb0b3a0965b1fa8b9340a
SHA512

11472a3adc62bd5705d725dab4564ecb212aab2fa9012875b878789f9b864d739130562caef743be8bad75e978bb2acbb4e00f3a3dba2c0fcbfa3dae07fff064
SSDEEP

196608:+py9onJ5hrZERMB2WZufOuD9LsKy+J5lvsRxF2n0:iy9c5hlERo2WmfDZbhJHvq8n

Score

7^/10

Loads dropped DLL 15 IoCs

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 1688	4512	016c353f2af9ec1ee5889bc57e800984.exe	25
PID 4512 wrote to memory of 1688	4512	016c353f2af9ec1ee5889bc57e800984.exe	25

C:\Users\Admin\AppData\Local\Temp\016c353f2af9ec1ee5889bc57e800984.exe
"C:\Users\Admin\AppData\Local\Temp\016c353f2af9ec1ee5889bc57e800984.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Users\Admin\AppData\Local\Temp\016c353f2af9ec1ee5889bc57e800984.exe
  "C:\Users\Admin\AppData\Local\Temp\016c353f2af9ec1ee5889bc57e800984.exe"
  2⤵
  - Loads dropped DLL
  PID:1688