ad002f882d658863ef884dd2200bb4db6e6b25cc1cad457cacc25f8a932097ba

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 12:47

Target

videocat.plugin.exe
Size

1.8MB
MD5

b67e68cf9b653164a343b6074ce34d4f
SHA1

70f1231e8c692b195a472f9cd0a886134ba2d401
SHA256

ad002f882d658863ef884dd2200bb4db6e6b25cc1cad457cacc25f8a932097ba
SHA512

65b024190be410f4bb3f14913de25a3a1f24d8f7d82fe52fca8517b8a1cdcd62cde663bb70e63971180c08176e2d8a70fd50b7ce4af18ada72159b24ef4a8d86
SSDEEP

24576:x7FUDowAyrTVE3U5FCyK7H3LO0Y0FPe1s8IUsFvRdNOItq8+KQ6O/M7:xBuZrEUU7HHYlzFsFZegr7Qu7

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4660	videocat.plugin.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 4660	944	videocat.plugin.exe	32
PID 944 wrote to memory of 4660	944	videocat.plugin.exe	32
PID 944 wrote to memory of 4660	944	videocat.plugin.exe	32

C:\Users\Admin\AppData\Local\Temp\videocat.plugin.exe
"C:\Users\Admin\AppData\Local\Temp\videocat.plugin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Users\Admin\AppData\Local\Temp\is-N3RU4.tmp\videocat.plugin.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-N3RU4.tmp\videocat.plugin.tmp" /SL5="$60210,1034203,843776,C:\Users\Admin\AppData\Local\Temp\videocat.plugin.exe"
  2⤵
  - Executes dropped EXE
  PID:4660

memory/944-0-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/944-2-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/944-8-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4660-6-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download
memory/4660-9-0x0000000000400000-0x0000000000716000-memory.dmp

Filesize
3.1MB

Download
memory/4660-12-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download