7f4751e57949ebca8744d1a05db8d88fbb50e3d1b5a47f64fd3c9dde32f0d178

Analysis

max time kernel
147s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 17:13

Target

3a9acdadcb5b097eff517b66615d27b6.exe
Size

1.9MB
MD5

3a9acdadcb5b097eff517b66615d27b6
SHA1

6b21e610c0baa8ff538b3f37aaa278ec7273df27
SHA256

7f4751e57949ebca8744d1a05db8d88fbb50e3d1b5a47f64fd3c9dde32f0d178
SHA512

189333c674819f70cbcacd166c6135fc7b2a665b9b3e018b44e4915e5e2effe4622075331be094072bd3238022326ce193d03ef279097e19e583fd1c6d87e29d
SSDEEP

49152:Qoa1taC070d0i+IofI5CUnu7c5b9eGCC4JC8cZtz+CnWe3xP:Qoa1taC0PIofIZn8c5b95eJx2wEWeR

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2760	53CD.tmp

Executes dropped EXE 1 IoCs

pid	Process
2760	53CD.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 2760	4496	3a9acdadcb5b097eff517b66615d27b6.exe	35
PID 4496 wrote to memory of 2760	4496	3a9acdadcb5b097eff517b66615d27b6.exe	35
PID 4496 wrote to memory of 2760	4496	3a9acdadcb5b097eff517b66615d27b6.exe	35

C:\Users\Admin\AppData\Local\Temp\3a9acdadcb5b097eff517b66615d27b6.exe
"C:\Users\Admin\AppData\Local\Temp\3a9acdadcb5b097eff517b66615d27b6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Users\Admin\AppData\Local\Temp\53CD.tmp
  "C:\Users\Admin\AppData\Local\Temp\53CD.tmp" --splashC:\Users\Admin\AppData\Local\Temp\3a9acdadcb5b097eff517b66615d27b6.exe F4A3866B474E503CBBA9711FD70BBB3E8D0E05D268A2272E7E5F2B0444B4F26A1E691444D24EA85321053A9FA894002FF8E355BD5479C3FB459F168D24C13CBC
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2760

memory/2760-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/4496-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download