0be79fcf2b08bd6795c256a892ff49ae38ac2230e2769330351c8c6f9c5795a1

Analysis

max time kernel
180s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:22

Target

0fe361f8becd3de5f921662021604114.exe
Size

1.7MB
MD5

0fe361f8becd3de5f921662021604114
SHA1

e97b455320d2493d405aed04c7cea85cfa4c8755
SHA256

0be79fcf2b08bd6795c256a892ff49ae38ac2230e2769330351c8c6f9c5795a1
SHA512

ff29f2cb3bb81b18e63464042ed792f055af620191621b8553536667e6c7338f052f62b8b094c8f2f15031795576a37eb66dec4d9faa7e0e53ccbe8a7831758b
SSDEEP

49152:5aN2EPD6EzJLzVi/23S3wlSoQtSg9TinXBgJ:QNrzdVMwhoS3RgJ

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4348	0fe361f8becd3de5f921662021604114.tmp

Loads dropped DLL 1 IoCs

pid	Process
4348	0fe361f8becd3de5f921662021604114.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 4348	540	0fe361f8becd3de5f921662021604114.exe	61
PID 540 wrote to memory of 4348	540	0fe361f8becd3de5f921662021604114.exe	61
PID 540 wrote to memory of 4348	540	0fe361f8becd3de5f921662021604114.exe	61

C:\Users\Admin\AppData\Local\Temp\0fe361f8becd3de5f921662021604114.exe
"C:\Users\Admin\AppData\Local\Temp\0fe361f8becd3de5f921662021604114.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Users\Admin\AppData\Local\Temp\is-DNL01.tmp\0fe361f8becd3de5f921662021604114.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-DNL01.tmp\0fe361f8becd3de5f921662021604114.tmp" /SL5="$7011C,1479153,54272,C:\Users\Admin\AppData\Local\Temp\0fe361f8becd3de5f921662021604114.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4348

C:\Users\Admin\AppData\Local\Temp\is-DNL01.tmp\0fe361f8becd3de5f921662021604114.tmp

Filesize
25KB

MD5
43e8bff8c5d1cd6912f784057f662011

SHA1
1f01af3a3ec873c1a60ad8ba93c3437e0264b75c

SHA256
278d62fca2391400709fe62c7c85744c4e4973798fee435e47334b700bf2cffb

SHA512
7c45e5cc8f7d1a7a9987e51fa9ee583867cd39adec48730faf405ba2f027bd4936596ab2128521326e5080000f1722d30f014f0486b626579bd0ce010afcfc41

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DNL01.tmp\0fe361f8becd3de5f921662021604114.tmp

Filesize
1KB

MD5
7791059c15b13576a401a9d464d0a913

SHA1
2440a117dd1c0fdc210515f1bdca4a680eb2f2ac

SHA256
228824d5dfcb516d916be3716b0f482bbd54a2a3e1eee106040f860b7b44e3e2

SHA512
1f5a9894a5245bcb088a51dc067f957cf366d85602ef8aa16b678fb89f11a07b31006b65f6e52157d5cdcb366fc5f2d6a5b6602e959f3a8777e82a682d2d2185

Download Submit
memory/540-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/540-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/540-34-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4348-7-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/4348-35-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4348-38-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download