e46878754e0604bfbd8cd833359421508c245c97947c407c092064980e4db6d3

Analysis

max time kernel
144s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 09:04

Target

407157a04d6dfc0d979119001083d46a.exe
Size

744KB
MD5

407157a04d6dfc0d979119001083d46a
SHA1

e755e4e8ce0ec458e6623977def3a6c36832aab6
SHA256

e46878754e0604bfbd8cd833359421508c245c97947c407c092064980e4db6d3
SHA512

f9aa416795f4e83a7b48e45d6f52e3ea5d3b6d783e8731748dfaed8c5960105fc80081f50928a1cb8883d9b0784f600eb88d31537329e10b8e6fb15705046550
SSDEEP

12288:uaHc64b888888888888W888888888889jscV7TdjL47zdU5imqsX3sv33rD+zG/A:F86IIW7uvmQBsHUezG/aYFkJR30F6rpB

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2808	407157a04d6dfc0d979119001083d46a.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	25	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 2808	4636	407157a04d6dfc0d979119001083d46a.exe	92
PID 4636 wrote to memory of 2808	4636	407157a04d6dfc0d979119001083d46a.exe	92
PID 4636 wrote to memory of 2808	4636	407157a04d6dfc0d979119001083d46a.exe	92

C:\Users\Admin\AppData\Local\Temp\407157a04d6dfc0d979119001083d46a.exe
"C:\Users\Admin\AppData\Local\Temp\407157a04d6dfc0d979119001083d46a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Users\Admin\AppData\Local\Temp\is-F259V.tmp\407157a04d6dfc0d979119001083d46a.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-F259V.tmp\407157a04d6dfc0d979119001083d46a.tmp" /SL5="$B005E,371795,121344,C:\Users\Admin\AppData\Local\Temp\407157a04d6dfc0d979119001083d46a.exe"
  2⤵
  - Executes dropped EXE
  PID:2808

C:\Users\Admin\AppData\Local\Temp\is-F259V.tmp\407157a04d6dfc0d979119001083d46a.tmp

Filesize
65KB

MD5
be3a9cda496720cbb12b04ed932331cd

SHA1
2348e6484e6d7e3d5d844cdb67988f6d9e791c7a

SHA256
71df180697f1bd65c0edb6c9a8ec5dbd697c3f6c9380dde7235d1c99d11719e7

SHA512
8f9d7d89e4ee9ad705a2a7a80668ac661e582177e31e237b4b922bde0dfd6a1f37b1f703bf004d45e81783c0dde386e19410528c008b00ed4a68164ffebfe30e

Download Submit
memory/2808-7-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2808-9-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2808-11-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2808-17-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/4636-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4636-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4636-6-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4636-12-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download