857a089c3c7e057f9a457e95f8ce287a781c8549c2f169e7a9ba7d721801f4d1

Analysis

max time kernel
139s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 09:08

Target

560bca13586f3e7dd3da32037fa01380.exe
Size

1.9MB
MD5

560bca13586f3e7dd3da32037fa01380
SHA1

9fbf0856cf0971f191c539cc83c6fa6273746e9f
SHA256

857a089c3c7e057f9a457e95f8ce287a781c8549c2f169e7a9ba7d721801f4d1
SHA512

568f96e69abe5959e22963392761243a44ea828d4383626e07318ab595abf34b5a0b4fd2190eaf0a7a88d99bf1cb6769d71010c33ef966e536cf918cab651427
SSDEEP

49152:Qoa1taC070dhLHt4awZ8/xvNvQq+xJ3681NMjQ:Qoa1taC02LHtWOZVv/4Jvr

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3028	4C2C.tmp

Executes dropped EXE 1 IoCs

pid	Process
3028	4C2C.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 3028	2008	560bca13586f3e7dd3da32037fa01380.exe	35
PID 2008 wrote to memory of 3028	2008	560bca13586f3e7dd3da32037fa01380.exe	35
PID 2008 wrote to memory of 3028	2008	560bca13586f3e7dd3da32037fa01380.exe	35

C:\Users\Admin\AppData\Local\Temp\560bca13586f3e7dd3da32037fa01380.exe
"C:\Users\Admin\AppData\Local\Temp\560bca13586f3e7dd3da32037fa01380.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\4C2C.tmp
  "C:\Users\Admin\AppData\Local\Temp\4C2C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\560bca13586f3e7dd3da32037fa01380.exe 55F418C25FEA3C1B05183B7D8A078D2FA9E2D7FD7EBA17341780F9E1B6BE796AC84E0F446E90CEC43A5BBE9C3DBD61731F6869D07030F580EA8BDC0CD23FB2E3
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:3028

memory/2008-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/3028-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download