4538af51bda09bd6888112ec66f753d4762c40a94342463ff6610b0fea38b4d5

Analysis

max time kernel
145s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 10:14

Target

158e73e7ff7e3a2c1d020caf2132a62b.exe
Size

1.9MB
MD5

158e73e7ff7e3a2c1d020caf2132a62b
SHA1

aa12d1f39a8646c94c8a63153c16c96c4f658416
SHA256

4538af51bda09bd6888112ec66f753d4762c40a94342463ff6610b0fea38b4d5
SHA512

fc2687f5edcefb7e233696ed1f7acd457504612d6254d0ca9bd673e4f4dbfbdd3d7acb9ce35bbccb3899804a32e5345b6f6b8e224f9fc4df461563cb09d21c56
SSDEEP

49152:Qoa1taC070dCfor++yLlw7/ZQViIFyNrvG+:Qoa1taC0HKYLO7/WimOr++

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4392	5505.tmp

Executes dropped EXE 1 IoCs

pid	Process
4392	5505.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 4392	2684	158e73e7ff7e3a2c1d020caf2132a62b.exe	36
PID 2684 wrote to memory of 4392	2684	158e73e7ff7e3a2c1d020caf2132a62b.exe	36
PID 2684 wrote to memory of 4392	2684	158e73e7ff7e3a2c1d020caf2132a62b.exe	36

C:\Users\Admin\AppData\Local\Temp\158e73e7ff7e3a2c1d020caf2132a62b.exe
"C:\Users\Admin\AppData\Local\Temp\158e73e7ff7e3a2c1d020caf2132a62b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\5505.tmp
  "C:\Users\Admin\AppData\Local\Temp\5505.tmp" --splashC:\Users\Admin\AppData\Local\Temp\158e73e7ff7e3a2c1d020caf2132a62b.exe D37A3444D53E72B191F743849E61E037C3ED2E5B7073B37BC8926C2F6FE04A6C7FBFAE421B9A93E1A68267E44FF12C004A2064563CD42619919592127B9E1721
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:4392

memory/2684-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/4392-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download