bdce6310337df5c1a351e9d789570f49b0d8262298ca8a71f069e815d57f7d6a

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:54

Target

12b572b30ec0e33a113c9a9ee7138b01.exe
Size

42KB
MD5

12b572b30ec0e33a113c9a9ee7138b01
SHA1

f55055305f59293f38a23183c04fddfd08bc9ca1
SHA256

bdce6310337df5c1a351e9d789570f49b0d8262298ca8a71f069e815d57f7d6a
SHA512

34873f048a2e0ee4b974d2f943f6cc8f1f7ea42b876664cafba88a9e3bf293b479ae898a209355f02b83728ebf149220df7a731d6ed3b76a63a284b9ace9b8a1
SSDEEP

768:ebwC1q/QYgowcbFnOegvP16fGFa09iiLbOIcSansJpQHUi5OAY6g9zt0R7Vv2aOr:ez1q/QYgKRORvP1WGFa09iiLbOIcSanY

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1712	cmd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1712	1964	12b572b30ec0e33a113c9a9ee7138b01.exe	28
PID 1964 wrote to memory of 1712	1964	12b572b30ec0e33a113c9a9ee7138b01.exe	28
PID 1964 wrote to memory of 1712	1964	12b572b30ec0e33a113c9a9ee7138b01.exe	28
PID 1964 wrote to memory of 1712	1964	12b572b30ec0e33a113c9a9ee7138b01.exe	28

C:\Users\Admin\AppData\Local\Temp\12b572b30ec0e33a113c9a9ee7138b01.exe
"C:\Users\Admin\AppData\Local\Temp\12b572b30ec0e33a113c9a9ee7138b01.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\12b572b30ec0e33a113c9a9ee7138b01.bat
  2⤵
  - Deletes itself
  PID:1712

C:\Users\Admin\AppData\Local\Temp\12b572b30ec0e33a113c9a9ee7138b01.bat

Filesize
254B

MD5
cb140254c9f09b771b380064fa000a0c

SHA1
4368ee17c05a225f9ece0fe55ff34a9cab82ab53

SHA256
339be9e6498846b9f3aa938fb9ef7f8296aed3d8aa1952c38586e892a84e73f2

SHA512
93bb32e383a6fe533065ca1c51557a99baeef7f987ee95c7078b173244e760157b45cb9bf23db906a546b92ce449c28fb532f680a4c128517a80c566fb8fc01a

Download Submit
memory/1964-7-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download