e059c6fe6b75375f9f0f116cb7b0f9deadea1ce9aa98bce83352be9893959924

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:00

Target

3712630215c6476678184856c3e4cfaf.exe
Size

50KB
MD5

3712630215c6476678184856c3e4cfaf
SHA1

4046b4e195b300d1727fc989ea4fda758584bb6c
SHA256

e059c6fe6b75375f9f0f116cb7b0f9deadea1ce9aa98bce83352be9893959924
SHA512

50f07b2e6331730a5c98949d45a678db8c8436b430c13a55e67c10d3558782fbf99fb16be9ac11a167b40f2fe6e8bc968b34946ee6c13ff25d25245e820719a3
SSDEEP

768:BdpnF5/ija+1I+NYVawgYvCAvEZQ25AX94JowOy5up9/05unb184woTMeu8xJqGX:BdJyqnvE3tJGbB05gtxJqW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 4560	2732	3712630215c6476678184856c3e4cfaf.exe	40
PID 2732 wrote to memory of 4560	2732	3712630215c6476678184856c3e4cfaf.exe	40
PID 2732 wrote to memory of 4560	2732	3712630215c6476678184856c3e4cfaf.exe	40

C:\Users\Admin\AppData\Local\Temp\3712630215c6476678184856c3e4cfaf.exe
"C:\Users\Admin\AppData\Local\Temp\3712630215c6476678184856c3e4cfaf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\2732R97B.bat" "C:\Users\Admin\AppData\Local\Temp\3712630215c6476678184856c3e4cfaf.exe""
  2⤵
  PID:4560

C:\Users\Admin\AppData\Local\Temp\2732R97B.bat

Filesize
2KB

MD5
8c920ea98843576159c4c093e53d8207

SHA1
96c0b95a8c4c7c7f9f0968182d647234d42ce7e2

SHA256
2ada92a6c97cf2df91f77092ec86693b0dfe24f9e1047ce5ee255170b7a57905

SHA512
d95f16e52de87ede661c4a73a5c897aa335e817e2a08685a0c169720a7c545d52c0e6a0df0d10aeff6ec0264f8ee4a1ea26ecc85a01be3d652ab2d11b896b041

Download Submit
memory/2732-3-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download