50e3a3140e30dc1fadb58caed31679a3d1e0137953a72781e1654a147e2a6667

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 19:43

Target

41bf8d6e51a67e331208f181ebfbdebe.exe
Size

81KB
MD5

41bf8d6e51a67e331208f181ebfbdebe
SHA1

5fb208b49351f44310296757f6250fcaaf39ee1a
SHA256

50e3a3140e30dc1fadb58caed31679a3d1e0137953a72781e1654a147e2a6667
SHA512

9a36adc0446fe61a171c2eaf81eb27812938614a01ec6906a71882b9a4242e38363bc043f4f039d0ef53b394682b0d386d88182363ad4e8e92e5aeffd880cd84
SSDEEP

1536:jWKEmKGgr5gJjHAGE3S/AuUo2oVSFmnkrbuSxJd7zEvt/Puj:j3cTzpokYMuYJd7zit/Wj

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1496	nst4A29.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 1496	4392	41bf8d6e51a67e331208f181ebfbdebe.exe	18
PID 4392 wrote to memory of 1496	4392	41bf8d6e51a67e331208f181ebfbdebe.exe	18
PID 4392 wrote to memory of 1496	4392	41bf8d6e51a67e331208f181ebfbdebe.exe	18

C:\Users\Admin\AppData\Local\Temp\41bf8d6e51a67e331208f181ebfbdebe.exe
"C:\Users\Admin\AppData\Local\Temp\41bf8d6e51a67e331208f181ebfbdebe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Users\Admin\AppData\Local\Temp\nst4A28.tmp\nst4A29.tmp
  nst4A29.tmp /DOIT
  2⤵
  - Executes dropped EXE
  PID:1496

C:\Users\Admin\AppData\Local\Temp\nst4A28.tmp\nst4A29.tmp

Filesize
32KB

MD5
2c013f3036b0469d543a40a20ed8739f

SHA1
91ee8763ba59d86056b07a02c1b1973c6173988c

SHA256
a830ed8b4fbcadf90bd3744c94077eb4bcf69e90c33f4ef0d7d1f566484c65a1

SHA512
58a295f66d749866a13142c3d426548f5e33b03b3710ca11b33189d1fb91f0895f21c17cf6d6a9f1429b551d48dc1c5fde0a2340e89a1ace547be2cb785836d9

Download Submit