cfa3b2c498ee356b544e2300a3f31ebe7a094edbeae002c1cd5b516430df39fd

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2024 18:10

Target

8fd036f9d481a997bb61467a4779aef3.exe
Size

25KB
MD5

8fd036f9d481a997bb61467a4779aef3
SHA1

5b2e83382d9a5fb6e969eafb5207537e4d2a7b70
SHA256

cfa3b2c498ee356b544e2300a3f31ebe7a094edbeae002c1cd5b516430df39fd
SHA512

16bcdd1886c8bffe0c612ddaa78873a2a6f58e2517670448a34c12e39364fb6d6a38834624bfff08193430d232cbdd0b1c274d7e90dea5cb3fcfe6d1e006981e
SSDEEP

384:lUQsyfkfnWkm6bE6efml64x8Ryyn6f8bErYtub0t8EW/+ZYs2hf:lUWkfWT6bimAyg6kl00tBW/+T2h

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4708	svchost.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
3336	8fd036f9d481a997bb61467a4779aef3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 4708	3336	8fd036f9d481a997bb61467a4779aef3.exe	85
PID 3336 wrote to memory of 4708	3336	8fd036f9d481a997bb61467a4779aef3.exe	85
PID 3336 wrote to memory of 4708	3336	8fd036f9d481a997bb61467a4779aef3.exe	85

C:\Users\Admin\AppData\Local\Temp\8fd036f9d481a997bb61467a4779aef3.exe
"C:\Users\Admin\AppData\Local\Temp\8fd036f9d481a997bb61467a4779aef3.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  - Deletes itself
  PID:4708

memory/3336-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3336-1-0x00000000022B0000-0x0000000002360000-memory.dmp

Filesize
704KB

Download
memory/4708-2-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download