cbba6518b292916370949e20994bc66329b7b5fdc9e93e038ddb60cdece9a067

Analysis

max time kernel
145s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 06:42

Target

4d9dccd354f82d1bbb5d46b63233958b.exe
Size

1.9MB
MD5

4d9dccd354f82d1bbb5d46b63233958b
SHA1

bbc753e56fa79f7f619d740cdc5af571781bfc84
SHA256

cbba6518b292916370949e20994bc66329b7b5fdc9e93e038ddb60cdece9a067
SHA512

8d2b8f98f02234304ab01cc7eb21962fe8f5308861f521eb0f24517c89a20dc59ce8aacd3bf25bb04832b8599117c45bea70745c897751ac4152b4d9e8067c35
SSDEEP

49152:Qoa1taC070dQaDFWV/9jl59prqJBDyw5c7:Qoa1taC0iCFl59Jq7ji

Score

7^/10

Deletes itself 1 IoCs

pid	Process
220	4B9F.tmp

Executes dropped EXE 1 IoCs

pid	Process
220	4B9F.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 220	4580	4d9dccd354f82d1bbb5d46b63233958b.exe	35
PID 4580 wrote to memory of 220	4580	4d9dccd354f82d1bbb5d46b63233958b.exe	35
PID 4580 wrote to memory of 220	4580	4d9dccd354f82d1bbb5d46b63233958b.exe	35

C:\Users\Admin\AppData\Local\Temp\4d9dccd354f82d1bbb5d46b63233958b.exe
"C:\Users\Admin\AppData\Local\Temp\4d9dccd354f82d1bbb5d46b63233958b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Users\Admin\AppData\Local\Temp\4B9F.tmp
  "C:\Users\Admin\AppData\Local\Temp\4B9F.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4d9dccd354f82d1bbb5d46b63233958b.exe 09D57F553ECEE682675CDDF6AA6841F41E832B8ED7325257827DC1773CC3ABB7F7D79EECDB4C64C3077365D2BCC532F8678F4F8CEF4D991FC92567EA9D61788D
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:220

memory/220-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/4580-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download