e0e4f40c851e3b881dca00a5c64ff9883ffab65c42d356972e0747e6cd3cdf72

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:43

Target

221e185ab4d305d80e48a6a1783d2f26.exe
Size

13KB
MD5

221e185ab4d305d80e48a6a1783d2f26
SHA1

a27af1e914c6e38052159938398f558a103bfbcb
SHA256

e0e4f40c851e3b881dca00a5c64ff9883ffab65c42d356972e0747e6cd3cdf72
SHA512

6f61026acc25d8740854aff94a3a01a58d5610a974f1b4b70a516e6917123daf2e8b9754cfe1345c12467f1354a052d869ca60421477fa5745b7b50751744192
SSDEEP

192:bJtaf0lHaoQr+aXe04egU59HDSUg5a1Y/jAC8y+oz4arOfCIsy3Hsulvn7OKi7Xn:nardbD4BUDGZ5a1Y/cGevnSKc2m

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 456	1160	221e185ab4d305d80e48a6a1783d2f26.exe	91
PID 1160 wrote to memory of 456	1160	221e185ab4d305d80e48a6a1783d2f26.exe	91
PID 1160 wrote to memory of 456	1160	221e185ab4d305d80e48a6a1783d2f26.exe	91

C:\Users\Admin\AppData\Local\Temp\221e185ab4d305d80e48a6a1783d2f26.exe
"C:\Users\Admin\AppData\Local\Temp\221e185ab4d305d80e48a6a1783d2f26.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Del1.Bat"
  2⤵
  PID:456

C:\Users\Admin\AppData\Local\Temp\Del1.Bat

Filesize
192B

MD5
23c68f002e34edbe2c7f56011e2293ce

SHA1
80ec673437ece7c12d31fddf85fec63a001b5150

SHA256
a09dd1565870e14a182015c178b7455757c17e0220ab63b0d033c68071899b1f

SHA512
a4b4b0f155f0e7fb112ea17adf9567a7df744b7e2dfa831a443078e1bf086059461cad2f16d3a0fad722a4d83ff50feff5439fcc9818698142b62a70437ad345

Download Submit
memory/1160-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1160-3-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download