243222098a4a5e95a520b957e39c4b293cdad3b5b0d9fd6ef30803616e0659ab

Analysis

max time kernel
149s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 06:59

Target

4032f2e4206f5ea90569b37172935de1.exe
Size

38KB
MD5

4032f2e4206f5ea90569b37172935de1
SHA1

5bf37f8e0cbaf02b575c5a6fda7807d3dba96480
SHA256

243222098a4a5e95a520b957e39c4b293cdad3b5b0d9fd6ef30803616e0659ab
SHA512

123a56765aa925bda77000e0e5ef49487f7264a0d1a8c5244a3cfc4a37bf7e12d23c9938e437be708e8233f8fcfa145161ebeeaa81d0dc18b1f7a4c89ec6691d
SSDEEP

768:oj4XZ/xzcFu6bw+JpWCR9Pv7vWC+AwaCG241zw7nbcuyD7UM:ocJ/x4jbvz/be8r1zWnouy8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 1668	2580	4032f2e4206f5ea90569b37172935de1.exe	90
PID 2580 wrote to memory of 1668	2580	4032f2e4206f5ea90569b37172935de1.exe	90
PID 2580 wrote to memory of 1668	2580	4032f2e4206f5ea90569b37172935de1.exe	90

C:\Users\Admin\AppData\Local\Temp\4032f2e4206f5ea90569b37172935de1.exe
"C:\Users\Admin\AppData\Local\Temp\4032f2e4206f5ea90569b37172935de1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\\uninste5830cf.bat" "C:\Users\Admin\AppData\Local\Temp\4032f2e4206f5ea90569b37172935de1.exe""
  2⤵
  PID:1668

C:\Users\Admin\AppData\Local\Temp\uninste5830cf.bat

Filesize
59B

MD5
2988b921fbed03f9c93c5d538932bbe3

SHA1
4b791b3d59ae76ff091c2cf201b40f5d1b432a3f

SHA256
a1769979622d3d25829be12474ad32ccfdfcac59785dac2fc10ae49c300e4ea3

SHA512
2920c6e9851973371dc238da1ee3c63d41c7820637856ee92c67e9489c1790e3fad287d229440d124e60b978f6819d04b47c40de9034cbd9de422aaafc2b07f9

Download Submit
memory/2580-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2580-2-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download