48a3f6109a55c4227a22bf617b17994618ceb470bb515b1fdcafc6f66a33736c

Analysis

max time kernel
138s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 21:22

Target

1cd68275af3e896c65c5c7ff3e66b0c4.exe
Size

57KB
MD5

1cd68275af3e896c65c5c7ff3e66b0c4
SHA1

aa8640a7051bafa8705aefa2b5ae0d1314f0f372
SHA256

48a3f6109a55c4227a22bf617b17994618ceb470bb515b1fdcafc6f66a33736c
SHA512

2ed1ac6608f35e3876a785b1c8b846801122ecc14ebff4ce9ded1039f7a88990d2e47ef1b4f57b1abe8e40183e3927dfcb66b06b4eba811084e8ebcb09f31cf4
SSDEEP

768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOOe:71Tzy48untU8fOMEI3jyYfPiuOe

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 1960	3180	1cd68275af3e896c65c5c7ff3e66b0c4.exe	18
PID 3180 wrote to memory of 1960	3180	1cd68275af3e896c65c5c7ff3e66b0c4.exe	18
PID 3180 wrote to memory of 1960	3180	1cd68275af3e896c65c5c7ff3e66b0c4.exe	18
PID 1960 wrote to memory of 3112	1960	cmd.exe	19
PID 1960 wrote to memory of 3112	1960	cmd.exe	19
PID 1960 wrote to memory of 3112	1960	cmd.exe	19
PID 3112 wrote to memory of 4360	3112	iexpress.exe	20
PID 3112 wrote to memory of 4360	3112	iexpress.exe	20
PID 3112 wrote to memory of 4360	3112	iexpress.exe	20

C:\Users\Admin\AppData\Local\Temp\1cd68275af3e896c65c5c7ff3e66b0c4.exe
"C:\Users\Admin\AppData\Local\Temp\1cd68275af3e896c65c5c7ff3e66b0c4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\43DF.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\1cd68275af3e896c65c5c7ff3e66b0c4.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1960
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3112
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:4360