085f6e82f6881a83dde5dd6edfbfb3f97671fa73cd284909cdc092a1322ebd16

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 06:45

Target

2c1bcb3d3eac5548233ea846169e289b.exe
Size

1.9MB
MD5

2c1bcb3d3eac5548233ea846169e289b
SHA1

c122066f4b2d03f1a40223144923e22a3b489867
SHA256

085f6e82f6881a83dde5dd6edfbfb3f97671fa73cd284909cdc092a1322ebd16
SHA512

a017ed0481a1ed92783b0833968e5f47e6c3381d02ccb7268f1c2959dff6fbc301bdbe4afbd2b42e7b57a24d01a584377e28ff9fafc3f3d78c039ba694787713
SSDEEP

49152:Qoa1taC070dOdeou65oxuRZMo2/Qyu2wezixSMnAher:Qoa1taC0LIQ9b1DxS6r

Score

7^/10

Deletes itself 1 IoCs

pid	Process
468	5C78.tmp

Executes dropped EXE 1 IoCs

pid	Process
468	5C78.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 468	4776	2c1bcb3d3eac5548233ea846169e289b.exe	35
PID 4776 wrote to memory of 468	4776	2c1bcb3d3eac5548233ea846169e289b.exe	35
PID 4776 wrote to memory of 468	4776	2c1bcb3d3eac5548233ea846169e289b.exe	35

C:\Users\Admin\AppData\Local\Temp\2c1bcb3d3eac5548233ea846169e289b.exe
"C:\Users\Admin\AppData\Local\Temp\2c1bcb3d3eac5548233ea846169e289b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Users\Admin\AppData\Local\Temp\5C78.tmp
  "C:\Users\Admin\AppData\Local\Temp\5C78.tmp" --splashC:\Users\Admin\AppData\Local\Temp\2c1bcb3d3eac5548233ea846169e289b.exe CD9DBF9F858E2EF1C9F58D1EC605C24103170F3B281F987555DA034309BA894A69FADCE79B6E2B4FBD9C908E53A75AC06726B539EE0871C22ACDC4CAA80F59ED
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:468

memory/468-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/4776-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download