941c6fa554f6087fa6178e7e6c38ccdc4563163f9502393af14a8fb89a1464c2

Analysis

max time kernel
143s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 03:01

Target

258c7ee6c860fe73fa00739faf1d976e.exe
Size

1.9MB
MD5

258c7ee6c860fe73fa00739faf1d976e
SHA1

c35d0d9f4aa734b943d4794f0c088761bc4f1b35
SHA256

941c6fa554f6087fa6178e7e6c38ccdc4563163f9502393af14a8fb89a1464c2
SHA512

673baf4a33e084cb859b40f0d6eb62d9cf4838aff8bbae464eee904d3ea233b166ae573fad30442cca3b409f4ee8abf1583e76e77c1d7706989a671b527390c8
SSDEEP

49152:Qoa1taC070dSoO5sJt6980dOBH+v/EMY/Zc38:Qoa1taC0LF2Jt69JdTHA/E8

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4332	5515.tmp

Executes dropped EXE 1 IoCs

pid	Process
4332	5515.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5804 wrote to memory of 4332	5804	258c7ee6c860fe73fa00739faf1d976e.exe	44
PID 5804 wrote to memory of 4332	5804	258c7ee6c860fe73fa00739faf1d976e.exe	44
PID 5804 wrote to memory of 4332	5804	258c7ee6c860fe73fa00739faf1d976e.exe	44

C:\Users\Admin\AppData\Local\Temp\258c7ee6c860fe73fa00739faf1d976e.exe
"C:\Users\Admin\AppData\Local\Temp\258c7ee6c860fe73fa00739faf1d976e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5804
- C:\Users\Admin\AppData\Local\Temp\5515.tmp
  "C:\Users\Admin\AppData\Local\Temp\5515.tmp" --splashC:\Users\Admin\AppData\Local\Temp\258c7ee6c860fe73fa00739faf1d976e.exe C37B1883242C765B4E0F8491D24871BEF20EE0554AC12FA45250895F6CDDF63681F5A8CE6573164A9D8EAAFE3A7AE435FB82C475E63D9300844F310254B18641
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:4332

memory/4332-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/5804-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download