43aeff7c857d73bdf7391fe0ad3ff2b80004a941330c4abdabb0681a6bf8d568

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2024 20:53

Target

4c6deb78eb41857d7dd5e66c492c9bcc.exe
Size

61KB
MD5

4c6deb78eb41857d7dd5e66c492c9bcc
SHA1

5bbaaa083508dcfe28d7d29b40f6f7f1099d8f4d
SHA256

43aeff7c857d73bdf7391fe0ad3ff2b80004a941330c4abdabb0681a6bf8d568
SHA512

33f3ceb1e02faf16904febf3187cf5e4165b665d351a17278ba24a832e8f4eb60346531c38133506522f46f8347bd3ba7715ab97c99e3d4df8894f2021d8c0aa
SSDEEP

768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOO9:71Tzy48untU8fOMEI3jyYfPiuO9

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 2340	988	4c6deb78eb41857d7dd5e66c492c9bcc.exe	19
PID 988 wrote to memory of 2340	988	4c6deb78eb41857d7dd5e66c492c9bcc.exe	19
PID 988 wrote to memory of 2340	988	4c6deb78eb41857d7dd5e66c492c9bcc.exe	19
PID 2340 wrote to memory of 3216	2340	cmd.exe	20
PID 2340 wrote to memory of 3216	2340	cmd.exe	20
PID 2340 wrote to memory of 3216	2340	cmd.exe	20
PID 3216 wrote to memory of 2356	3216	iexpress.exe	25
PID 3216 wrote to memory of 2356	3216	iexpress.exe	25
PID 3216 wrote to memory of 2356	3216	iexpress.exe	25

C:\Users\Admin\AppData\Local\Temp\4c6deb78eb41857d7dd5e66c492c9bcc.exe
"C:\Users\Admin\AppData\Local\Temp\4c6deb78eb41857d7dd5e66c492c9bcc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5861.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\4c6deb78eb41857d7dd5e66c492c9bcc.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3216
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:2356

C:\Users\Admin\AppData\Local\Temp\5861.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
31KB

MD5
e82a78f9426bb3539ba49cf4e6aac503

SHA1
7df9585eb689e5ad84bf44f8c28ca73f9b136a1d

SHA256
1db6e57d495ad1b849873b45f7ea8cc3ccec9ecf0c2f7e2cff9db7e582412640

SHA512
afe025f15ce8024b3447a737a41def66e1f8e5c3b066c42c30339089dc0f97f910883d34b7dfede5dc15453f9528e2b6dca8698d03dabe95e930fefc77f1588a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
28KB

MD5
70c238af7687ad151b99949aec43daf7

SHA1
caba0e4744925cd88e70932e977646025399158e

SHA256
f9c34a6bf894c0db9de19628d832999f0b25fa62373a5ba4849117eb702daa26

SHA512
0cfdb7651c3c0ef68226f8d0400bd634cdf87c8cb55497b56b9f4502322d26a44024d036353aa2d2b99f6641d0adbacd17386d268b5ecdf3ba16e09fc09115c4

Download Submit