d2bf07757c5bd90fbc2b74894e3a699f85067761aecf041e2c9d520684b8810f

Analysis

max time kernel
144s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 15:51

Target

3a6507bea6ccad1ad838f5f191d435a7.exe
Size

1.9MB
MD5

3a6507bea6ccad1ad838f5f191d435a7
SHA1

e532b6e64d63624be3986a257aba722d0de84066
SHA256

d2bf07757c5bd90fbc2b74894e3a699f85067761aecf041e2c9d520684b8810f
SHA512

a123943e36271d6b19cefe7113e775201e4a31ee5271b4170b70d49b855bfd7cca361f6f08db5e85f3889813536e27884c15cbdf7b286daa00d99fd3f9443f10
SSDEEP

24576:N2oo60HPdt+1CRiY2eOBvcj3u10dWYCjhjGc2xFvq8YEb4ZAIiG3pCmVxgZQSYNL:Qoa1taC070dY1GvPYERGXcG2Ryd

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1356	48F0.tmp

Executes dropped EXE 1 IoCs

pid	Process
1356	48F0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1356	864	3a6507bea6ccad1ad838f5f191d435a7.exe	36
PID 864 wrote to memory of 1356	864	3a6507bea6ccad1ad838f5f191d435a7.exe	36
PID 864 wrote to memory of 1356	864	3a6507bea6ccad1ad838f5f191d435a7.exe	36

C:\Users\Admin\AppData\Local\Temp\3a6507bea6ccad1ad838f5f191d435a7.exe
"C:\Users\Admin\AppData\Local\Temp\3a6507bea6ccad1ad838f5f191d435a7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Users\Admin\AppData\Local\Temp\48F0.tmp
  "C:\Users\Admin\AppData\Local\Temp\48F0.tmp" --splashC:\Users\Admin\AppData\Local\Temp\3a6507bea6ccad1ad838f5f191d435a7.exe AE3CB4FE45EE2B0BE41AB82FE74BB48389825145198BDD7BFDFC67BF21620B84204420D036A5820F2B8C02EBF4B4AD0516129AE4162FB49C077F17EE9BA51D6E
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:1356

memory/864-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/1356-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download