65fece1b579f78b10fe8ac5b84f3a943cf84a318031e96ae8973461ad1cb205e

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17/02/2024, 11:32

Target

WindowsActivator.exe
Size

243KB
MD5

f9d2a9fbb1d1821a512b5ecacec9c521
SHA1

438d083f55a38e5565d8920d44cff3c838114a6a
SHA256

cde219c00c0b59ce798abb4afd8e704f3287e5394bdeb432bb0eab74e46b4090
SHA512

0c5ac691a6b4e38ce27bbee0e6f22b94d05b0dda69d65deac38604bde84dbacba121c72a23f69a2381c2b959bd7ff16290728b9c7af9f4c0164cd4b295c77646
SSDEEP

1536:8JY/xpd+rvPmcJktv32FO8M0Ni/+/2FO8M0Ni/+:qYJpMT9Jkl6M4i/+/6M4i/+

Score

1^/10

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 1352	3688	WindowsActivator.exe	86
PID 3688 wrote to memory of 1352	3688	WindowsActivator.exe	86
PID 3688 wrote to memory of 4984	3688	WindowsActivator.exe	87
PID 3688 wrote to memory of 4984	3688	WindowsActivator.exe	87
PID 3688 wrote to memory of 3100	3688	WindowsActivator.exe	88
PID 3688 wrote to memory of 3100	3688	WindowsActivator.exe	88
PID 3688 wrote to memory of 1860	3688	WindowsActivator.exe	89
PID 3688 wrote to memory of 1860	3688	WindowsActivator.exe	89
PID 3688 wrote to memory of 3952	3688	WindowsActivator.exe	90
PID 3688 wrote to memory of 3952	3688	WindowsActivator.exe	90
PID 3688 wrote to memory of 2220	3688	WindowsActivator.exe	91
PID 3688 wrote to memory of 2220	3688	WindowsActivator.exe	91
PID 3688 wrote to memory of 1684	3688	WindowsActivator.exe	92
PID 3688 wrote to memory of 1684	3688	WindowsActivator.exe	92
PID 3688 wrote to memory of 4564	3688	WindowsActivator.exe	93
PID 3688 wrote to memory of 4564	3688	WindowsActivator.exe	93
PID 3688 wrote to memory of 2172	3688	WindowsActivator.exe	94
PID 3688 wrote to memory of 2172	3688	WindowsActivator.exe	94
PID 3688 wrote to memory of 3644	3688	WindowsActivator.exe	95
PID 3688 wrote to memory of 3644	3688	WindowsActivator.exe	95
PID 3688 wrote to memory of 5044	3688	WindowsActivator.exe	96
PID 3688 wrote to memory of 5044	3688	WindowsActivator.exe	96
PID 3688 wrote to memory of 2464	3688	WindowsActivator.exe	97
PID 3688 wrote to memory of 2464	3688	WindowsActivator.exe	97

C:\Users\Admin\AppData\Local\Temp\WindowsActivator.exe
"C:\Users\Admin\AppData\Local\Temp\WindowsActivator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c title Windows 11 Activator
  2⤵
  PID:1352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color a
  2⤵
  PID:4984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo.
  2⤵
  PID:3100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo This tool is made for Windows 11 and will activate it!
  2⤵
  PID:1860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo.
  2⤵
  PID:3952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo.
  2⤵
  PID:2220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo.
  2⤵
  PID:1684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo Made by twix#3292
  2⤵
  PID:4564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo.
  2⤵
  PID:2172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo.
  2⤵
  PID:3644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo.
  2⤵
  PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:2464