87c1904ff891b844a981ba171b0645b96ad72bbea2c58ebadf15543ab213138e

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 17:00

Target

77e6ba72118eea6ad97cba0977acd1c4.exe
Size

58KB
MD5

77e6ba72118eea6ad97cba0977acd1c4
SHA1

4112f413f52a1d368928a88702cfb0d35d20b3da
SHA256

87c1904ff891b844a981ba171b0645b96ad72bbea2c58ebadf15543ab213138e
SHA512

be3733d5f11d7dd54177c00b8ff658b5506296bf978e22c85fbc7b43aaaca7ece13a4f159ca5ee9c854c5e253bce67f05992c406f163148af55e1134f2d0e121
SSDEEP

768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOO6:71Tzy48untU8fOMEI3jyYfPiuO6

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 3896	3872	77e6ba72118eea6ad97cba0977acd1c4.exe	86
PID 3872 wrote to memory of 3896	3872	77e6ba72118eea6ad97cba0977acd1c4.exe	86
PID 3872 wrote to memory of 3896	3872	77e6ba72118eea6ad97cba0977acd1c4.exe	86
PID 3896 wrote to memory of 4552	3896	cmd.exe	88
PID 3896 wrote to memory of 4552	3896	cmd.exe	88
PID 3896 wrote to memory of 4552	3896	cmd.exe	88
PID 4552 wrote to memory of 2104	4552	iexpress.exe	89
PID 4552 wrote to memory of 2104	4552	iexpress.exe	89
PID 4552 wrote to memory of 2104	4552	iexpress.exe	89

C:\Users\Admin\AppData\Local\Temp\77e6ba72118eea6ad97cba0977acd1c4.exe
"C:\Users\Admin\AppData\Local\Temp\77e6ba72118eea6ad97cba0977acd1c4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6C27.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\77e6ba72118eea6ad97cba0977acd1c4.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3896
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4552
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:2104

C:\Users\Admin\AppData\Local\Temp\6C27.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
58KB

MD5
607a07f79be6dc386cb6a93e51b5c497

SHA1
48b334c7b1fac42c9940b1ab1a7488e386d7670a

SHA256
bbbe0aecf7a5d3a3c58d3edfaa9423067c05491e5d081d79ce679d58b3c568a2

SHA512
235aa8021ffe42f39a047554e819e368c559513653d1de392a22851e6eb643b44fba2074a328534279b61a7bc4ef2807ba501ffe11aa3f54e136915eb86bce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit