3a63240646561df0a73b4d61bfd6c7f4a004cd5fb9bcf946001eb3ab2d556dd6

Analysis

max time kernel
160s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:16

Target

083ab96199b0a68712f6010d04672e5f.exe
Size

22KB
MD5

083ab96199b0a68712f6010d04672e5f
SHA1

0971646b0f940048e71a97903f8e982e02329bf5
SHA256

3a63240646561df0a73b4d61bfd6c7f4a004cd5fb9bcf946001eb3ab2d556dd6
SHA512

fdfaf07f5ebca8033eff0d1d3734bdd43bb8c3040df377a3d58b14beaacdf88083e6bfcb1da582c414f9f13b4512066416ba26ffb42f02e39800354c7e3b8cce
SSDEEP

384:5/RbdsbwwlARJDKt4WN8Rc4TWXYldwxe0Z/JNJuK5ga1w1Z9AXq96bLJwO4ANoKi:jbdCwwKjDTWKRcrXYoeAJ/ZPYZ9AXn6d

Score

1^/10

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 4812	2708	083ab96199b0a68712f6010d04672e5f.exe	88
PID 2708 wrote to memory of 4812	2708	083ab96199b0a68712f6010d04672e5f.exe	88
PID 2708 wrote to memory of 2816	2708	083ab96199b0a68712f6010d04672e5f.exe	89
PID 2708 wrote to memory of 2816	2708	083ab96199b0a68712f6010d04672e5f.exe	89
PID 2708 wrote to memory of 2816	2708	083ab96199b0a68712f6010d04672e5f.exe	89

C:\Users\Admin\AppData\Local\Temp\083ab96199b0a68712f6010d04672e5f.exe
"C:\Users\Admin\AppData\Local\Temp\083ab96199b0a68712f6010d04672e5f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  PID:4812
- C:\Windows\SysWOW64\cmd.exe
  cmd /c erase /F "C:\Users\Admin\AppData\Local\Temp\083ab96199b0a68712f6010d04672e5f.exe"
  2⤵
  PID:2816

memory/2708-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download