2eaf7b917391fe4d882271ba3737d3da04e7d5db44a495ad7430a044a17a1ae5

Analysis

max time kernel
137s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 01:41

Target

0a6cdb14fa701b13a0857d0be45a46e9.exe
Size

56KB
MD5

0a6cdb14fa701b13a0857d0be45a46e9
SHA1

f81a4daf251b688b0fe7c04ae817351a4244f745
SHA256

2eaf7b917391fe4d882271ba3737d3da04e7d5db44a495ad7430a044a17a1ae5
SHA512

071918dbb977509fa9f66f456656cfce222fed8206f74d35ed7331a23e4890e90ab0f21d7e039dbf4d89135632625373f88da496d77dc42cdfc81336c67e43b7
SSDEEP

768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOOD:71Tzy48untU8fOMEI3jyYfPiuOD

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2376	2576	0a6cdb14fa701b13a0857d0be45a46e9.exe	96
PID 2576 wrote to memory of 2376	2576	0a6cdb14fa701b13a0857d0be45a46e9.exe	96
PID 2576 wrote to memory of 2376	2576	0a6cdb14fa701b13a0857d0be45a46e9.exe	96
PID 2376 wrote to memory of 2020	2376	cmd.exe	97
PID 2376 wrote to memory of 2020	2376	cmd.exe	97
PID 2376 wrote to memory of 2020	2376	cmd.exe	97
PID 2020 wrote to memory of 4512	2020	iexpress.exe	98
PID 2020 wrote to memory of 4512	2020	iexpress.exe	98
PID 2020 wrote to memory of 4512	2020	iexpress.exe	98

C:\Users\Admin\AppData\Local\Temp\0a6cdb14fa701b13a0857d0be45a46e9.exe
"C:\Users\Admin\AppData\Local\Temp\0a6cdb14fa701b13a0857d0be45a46e9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7078.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\0a6cdb14fa701b13a0857d0be45a46e9.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2020
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:4512

C:\Users\Admin\AppData\Local\Temp\7078.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
56KB

MD5
fd015e083d74c51160fb42c3a6a3bc9f

SHA1
e88e8bdb439851bcb7de568e80de1b4d80195e9d

SHA256
68cbf8f1bd8f2dca06ef2c45b9284c6c05c4591fd0222e383e3a8846c154c0b5

SHA512
4550c7c04f87ba9f104c4e9eb1f006490e5cbfcf40dad27bbe51afccf91260602491d3f8dbc43400fe85eef47582d39142b8c7f4fd3fa5c6e2cd620b2449c949

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit