d2cb216139897d434509cc1bb49f4ae12d9af027888b6f57a1d7c249f00a8545

Analysis

max time kernel
147s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 11:58

Target

462be4ffd3e28366c40115863893d475.exe
Size

1.9MB
MD5

462be4ffd3e28366c40115863893d475
SHA1

728ff1e01ad7a8310d8b71b8c60967ef91a24eb2
SHA256

d2cb216139897d434509cc1bb49f4ae12d9af027888b6f57a1d7c249f00a8545
SHA512

a10a2a9d6dfe9597e7a042177be6c8314369f78e4d05fdca471e54efa090a52056dc4105d719e028ade0ce521cc972623921a3b57d5d924b7bf70b39a294ad6c
SSDEEP

24576:N2oo60HPdt+1CRiY2eOBvcj3u10dn85JiUBi5oQRmeFkbf3cc10+CZyuh7eTeHxO:Qoa1taC070d8/iUBiTF1c109/xHxN8

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3296	4E2F.tmp

Executes dropped EXE 1 IoCs

pid	Process
3296	4E2F.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 3296	3492	462be4ffd3e28366c40115863893d475.exe	39
PID 3492 wrote to memory of 3296	3492	462be4ffd3e28366c40115863893d475.exe	39
PID 3492 wrote to memory of 3296	3492	462be4ffd3e28366c40115863893d475.exe	39

C:\Users\Admin\AppData\Local\Temp\462be4ffd3e28366c40115863893d475.exe
"C:\Users\Admin\AppData\Local\Temp\462be4ffd3e28366c40115863893d475.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Users\Admin\AppData\Local\Temp\4E2F.tmp
  "C:\Users\Admin\AppData\Local\Temp\4E2F.tmp" --splashC:\Users\Admin\AppData\Local\Temp\462be4ffd3e28366c40115863893d475.exe 91A9AADC1C930D114733A01BEE1C0115D9FE4A49B7C3E6ECE018F67D5C47A8EC83364B26C9AFB0D17511DBEC9399B52616393799C0F08C22703BC23F54FDBD51
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:3296

memory/3296-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/3492-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download