4ff3b9e0c2ba0be3a2566a0663bad8beb8f80680cc7099e93f2e01ead9261773

Analysis

max time kernel
166s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 03:37

Target

26a101588e1cbc8b15385ff09bf934de.exe
Size

52KB
MD5

26a101588e1cbc8b15385ff09bf934de
SHA1

6f6cf832a1e778a5c497a92dcc2fd2fa7597b51b
SHA256

4ff3b9e0c2ba0be3a2566a0663bad8beb8f80680cc7099e93f2e01ead9261773
SHA512

0c7eff35e2d750489eaac16b78f7790dd5dd96f99dc775324b1b7296b7b17ed88dc699a31a89710cf73984fb975385683086bd722d01f640321cf223c410ec5b
SSDEEP

1536:XBhHu+9H2qJTlCZWQxpU6wlSvIrnJzVWuCFw:XWq5lCZWQPiAvIlzVX

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ee5aa9ab44.dll	26a101588e1cbc8b15385ff09bf934de.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 3552	452	26a101588e1cbc8b15385ff09bf934de.exe	103
PID 452 wrote to memory of 3552	452	26a101588e1cbc8b15385ff09bf934de.exe	103
PID 452 wrote to memory of 3552	452	26a101588e1cbc8b15385ff09bf934de.exe	103

C:\Users\Admin\AppData\Local\Temp\26a101588e1cbc8b15385ff09bf934de.exe
"C:\Users\Admin\AppData\Local\Temp\26a101588e1cbc8b15385ff09bf934de.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$336699.bat
  2⤵
  PID:3552

C:\Users\Admin\AppData\Local\Temp\$$336699.bat

Filesize
182B

MD5
f7648a88d70de301f37b50fe8e60e2ae

SHA1
3bb236d6f5535a0304c3c174949a35cef16f4515

SHA256
efc7e3291aeef5402afcfc72975d7ad7f9791ad8bc593ae3aa3c3a7aa61e3d2b

SHA512
c196226b6c91e33b3805cc5a5ca16f13a73572df2cf0980769df2b5291fc999cf97dd45a73c6bb0b13c40528c159d975482b83d625b89b086817b88f4f9492cb

Download Submit
memory/452-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-1-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-2-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-3-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-4-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-5-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-6-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-8-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-9-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-10-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/452-15-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download