6aa97c73ce96932696bdc3b68369a9c6871bef54b32e8f606ea7e1fc9087cef5

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 10:33

Target

7a01985c20bd2247327ed3972d4268b2.exe
Size

60KB
MD5

7a01985c20bd2247327ed3972d4268b2
SHA1

3bf73a1135de528f33fbd90d5b072deb3df754d0
SHA256

6aa97c73ce96932696bdc3b68369a9c6871bef54b32e8f606ea7e1fc9087cef5
SHA512

505c667bc78d01bbb7594d1af2b232633b5e64126703f495de10813b2854eeaa03bf2bcd80417ca328664cfbae1adf025a5996e637a5cb9ef5f66f93c364d2c5
SSDEEP

768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOOC:71Tzy48untU8fOMEI3jyYfPiuOC

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 396	2996	7a01985c20bd2247327ed3972d4268b2.exe	87
PID 2996 wrote to memory of 396	2996	7a01985c20bd2247327ed3972d4268b2.exe	87
PID 2996 wrote to memory of 396	2996	7a01985c20bd2247327ed3972d4268b2.exe	87
PID 396 wrote to memory of 4348	396	cmd.exe	88
PID 396 wrote to memory of 4348	396	cmd.exe	88
PID 396 wrote to memory of 4348	396	cmd.exe	88
PID 4348 wrote to memory of 1512	4348	iexpress.exe	89
PID 4348 wrote to memory of 1512	4348	iexpress.exe	89
PID 4348 wrote to memory of 1512	4348	iexpress.exe	89

C:\Users\Admin\AppData\Local\Temp\7a01985c20bd2247327ed3972d4268b2.exe
"C:\Users\Admin\AppData\Local\Temp\7a01985c20bd2247327ed3972d4268b2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\95A8.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\7a01985c20bd2247327ed3972d4268b2.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4348
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:1512

C:\Users\Admin\AppData\Local\Temp\95A8.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
60KB

MD5
8a1e791b788733d2796d4e7e580a6d47

SHA1
fb3cb6072c303ee0f28ee0212b1a9410b420aaf8

SHA256
d4a9069cf57228a3ea7a21bd87cc769f95a710511544f341b2020a52acb60e7d

SHA512
03aadc87eee2f16f4edd4e5cbba974b8850f0fcce4d7920e1553b1aa3652070ef0e7b29aa12bf147e851937c59b842e88f8685c188aa6319da51070b1a394b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit