e8cd4440c917beb242cfbb18feb799501dd2eef33f83419b3c2b0c21a4ae1f99

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 03:34

Target

8e1c6bba676bf694b15e755a883b7dba.exe
Size

75KB
MD5

8e1c6bba676bf694b15e755a883b7dba
SHA1

6e255da57e7f89e00df10af47e3167525f58a61d
SHA256

e8cd4440c917beb242cfbb18feb799501dd2eef33f83419b3c2b0c21a4ae1f99
SHA512

1190d90dec829be603a87761bbe1ef874b3d17efbabd6b5f251308cf41a7754a0b787676a9d464708c18b2c6d39d71f6f4fb56abb1be458b3e1f57726512ba47
SSDEEP

1536:oBoWdHaDLw7iJju+EFEJah1B+apGLatYYaWqX:lWdHaDfJjwiahOapJtYYaWqX

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 240	2108	8e1c6bba676bf694b15e755a883b7dba.exe	29
PID 2108 wrote to memory of 240	2108	8e1c6bba676bf694b15e755a883b7dba.exe	29
PID 2108 wrote to memory of 240	2108	8e1c6bba676bf694b15e755a883b7dba.exe	29
PID 2108 wrote to memory of 240	2108	8e1c6bba676bf694b15e755a883b7dba.exe	29

C:\Users\Admin\AppData\Local\Temp\8e1c6bba676bf694b15e755a883b7dba.exe
"C:\Users\Admin\AppData\Local\Temp\8e1c6bba676bf694b15e755a883b7dba.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bt23610.bat "C:\Users\Admin\AppData\Local\Temp\8e1c6bba676bf694b15e755a883b7dba.exe"
  2⤵
  PID:240

C:\Users\Admin\AppData\Local\Temp\bt23610.bat

Filesize
925B

MD5
f8269b383f9c97e7c2277656a870b5ef

SHA1
e512799be7088e25e4013a88a9d1dd40d4ca3652

SHA256
c0449a8b56f182aef7d5d418a6a5235dfcc6c13bb2ef11842ada54a1a7a9a6a3

SHA512
801b1d518b32b10433da04e26fb86af5ee3c4839d7ffcb03fed58adb4137aa7afbe3fd28d1792cda27a4c487ac302003b02a931a8e29e9f72370f21253cc14b0

Download Submit
memory/2108-3-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download