b1cd246e002ea3c833eb58607d01acea038a0d5ff9a636cb93e54bddb132793b

Analysis

max time kernel
145s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 03:33

Target

526bd7baed80f2625b713962bb62dc17.exe
Size

1.9MB
MD5

526bd7baed80f2625b713962bb62dc17
SHA1

fe24c566bf3e56562eb154ba1823c585d080c6e5
SHA256

b1cd246e002ea3c833eb58607d01acea038a0d5ff9a636cb93e54bddb132793b
SHA512

f4e4286f2869bbe95aa4d975876cd64ad2d633470674d3ce00b5162025c514ab03eaddaf01ef3393f6099ba6006455339be63e0be2c60d777e295f175f2768b7
SSDEEP

49152:Qoa1taC070dtGdk7B25q414IxLihTq7cVcqLlZX:Qoa1taC0UG9qPEiI4V9Zh

Score

7^/10

Deletes itself 1 IoCs

pid	Process
772	4391.tmp

Executes dropped EXE 1 IoCs

pid	Process
772	4391.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 772	3420	526bd7baed80f2625b713962bb62dc17.exe	36
PID 3420 wrote to memory of 772	3420	526bd7baed80f2625b713962bb62dc17.exe	36
PID 3420 wrote to memory of 772	3420	526bd7baed80f2625b713962bb62dc17.exe	36

C:\Users\Admin\AppData\Local\Temp\526bd7baed80f2625b713962bb62dc17.exe
"C:\Users\Admin\AppData\Local\Temp\526bd7baed80f2625b713962bb62dc17.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Users\Admin\AppData\Local\Temp\4391.tmp
  "C:\Users\Admin\AppData\Local\Temp\4391.tmp" --splashC:\Users\Admin\AppData\Local\Temp\526bd7baed80f2625b713962bb62dc17.exe 0620761837116A895104CDA8E2A00615A28A35BFC0D4040CD289F7ADA3E367A5DACFA9CFF3147913E8DFE95D8D3E1A4534D973CCBF30331711FB3A4857333BBD
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:772

memory/772-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/3420-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download