d0987943a232bd3bf27b99ea65eecc43b79c7b16569411d58fae3fa85c14eb7e

Analysis

max time kernel
184s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 10:29

Target

15ee111a90f7b14b914090608ba0240e.exe
Size

744KB
MD5

15ee111a90f7b14b914090608ba0240e
SHA1

efe1adf3dd435746562f362fede53d8765d07952
SHA256

d0987943a232bd3bf27b99ea65eecc43b79c7b16569411d58fae3fa85c14eb7e
SHA512

466828f75a5502a046e3cdabf2fb175fbd0160e2696ee4f9f548ace028f395e7efbc38affcef25da74dac5b5ce776b4167e7d8e242de4c02146bf91f74ed020a
SSDEEP

12288:uaHc64b888888888888W88888888888KjscV7TdjL47zdU5im/XPTI33rD+zG/oX:F86DIW7uvmQ0XLWezG/aYFkJR30F6rpT

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4728	15ee111a90f7b14b914090608ba0240e.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	32	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 4728	4332	15ee111a90f7b14b914090608ba0240e.exe	93
PID 4332 wrote to memory of 4728	4332	15ee111a90f7b14b914090608ba0240e.exe	93
PID 4332 wrote to memory of 4728	4332	15ee111a90f7b14b914090608ba0240e.exe	93

C:\Users\Admin\AppData\Local\Temp\15ee111a90f7b14b914090608ba0240e.exe
"C:\Users\Admin\AppData\Local\Temp\15ee111a90f7b14b914090608ba0240e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Users\Admin\AppData\Local\Temp\is-AK8CF.tmp\15ee111a90f7b14b914090608ba0240e.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AK8CF.tmp\15ee111a90f7b14b914090608ba0240e.tmp" /SL5="$500DC,372121,121344,C:\Users\Admin\AppData\Local\Temp\15ee111a90f7b14b914090608ba0240e.exe"
  2⤵
  - Executes dropped EXE
  PID:4728

C:\Users\Admin\AppData\Local\Temp\is-AK8CF.tmp\15ee111a90f7b14b914090608ba0240e.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/4332-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4332-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4728-5-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/4728-8-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4728-11-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download