caf54805709984f9f6abba7a29afea53b759ec8bd1a87ef33c272738eb4c7c68

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 04:38

Target

287f8bde65e7a3904d4e4901069df11e.exe
Size

1.9MB
MD5

287f8bde65e7a3904d4e4901069df11e
SHA1

82136da617cc95a18503a27821e10a7ace8995f9
SHA256

caf54805709984f9f6abba7a29afea53b759ec8bd1a87ef33c272738eb4c7c68
SHA512

ea43ded64f7b6f2cc7ebd7d8c90ba87c649ced00d5b5638aa4d4e75630716194f826483cb69fd2f1346a43bbb67c0092b6da5893a5d21081d5aa2012d5e1ddd0
SSDEEP

49152:Qoa1taC070deSGGR0msE1wGQCPPhWD6JfWsy:Qoa1taC0vSv95+GQKh/JfWf

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3536	3D95.tmp

Executes dropped EXE 1 IoCs

pid	Process
3536	3D95.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 3536	464	287f8bde65e7a3904d4e4901069df11e.exe	35
PID 464 wrote to memory of 3536	464	287f8bde65e7a3904d4e4901069df11e.exe	35
PID 464 wrote to memory of 3536	464	287f8bde65e7a3904d4e4901069df11e.exe	35

C:\Users\Admin\AppData\Local\Temp\287f8bde65e7a3904d4e4901069df11e.exe
"C:\Users\Admin\AppData\Local\Temp\287f8bde65e7a3904d4e4901069df11e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:464
- C:\Users\Admin\AppData\Local\Temp\3D95.tmp
  "C:\Users\Admin\AppData\Local\Temp\3D95.tmp" --splashC:\Users\Admin\AppData\Local\Temp\287f8bde65e7a3904d4e4901069df11e.exe C6C6DA98CEC6039A6CD0890E0AEB67FF3824593453D3A24090E35BAFB38B426303B53FE4E846B703CD68D97CFAC8B46E7C490B4E4D74FA2FAF4436FAE5C326CD
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:3536

memory/464-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/3536-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download