1796127f59f00b807808b76ef5dbbb107b33208e011f496b06e4c4d5c9e42173

Analysis

max time kernel
147s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 10:51

Target

a396f4304e5a75c2f299582b942409de.exe
Size

90KB
MD5

a396f4304e5a75c2f299582b942409de
SHA1

c53ad51dca4006ce94135f4adccb474a6332eabe
SHA256

1796127f59f00b807808b76ef5dbbb107b33208e011f496b06e4c4d5c9e42173
SHA512

4adcb741ddfde66f21411a2900ca084c31e7ade61be7b517aa11b6e1822aae521898f6e7fc4e004b663091b8428b20d3b95611266297550c6cfabf0bd01ddfa8
SSDEEP

1536:37fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf2w2Oc:r7DhdC6kzWypvaQ0FxyNTBf2P

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 1736	856	a396f4304e5a75c2f299582b942409de.exe	29
PID 856 wrote to memory of 1736	856	a396f4304e5a75c2f299582b942409de.exe	29
PID 856 wrote to memory of 1736	856	a396f4304e5a75c2f299582b942409de.exe	29
PID 856 wrote to memory of 1736	856	a396f4304e5a75c2f299582b942409de.exe	29

C:\Users\Admin\AppData\Local\Temp\a396f4304e5a75c2f299582b942409de.exe
"C:\Users\Admin\AppData\Local\Temp\a396f4304e5a75c2f299582b942409de.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1333.tmp\1334.tmp\1335.bat C:\Users\Admin\AppData\Local\Temp\a396f4304e5a75c2f299582b942409de.exe"
  2⤵
  PID:1736

C:\Users\Admin\AppData\Local\Temp\1333.tmp\1334.tmp\1335.bat

Filesize
974B

MD5
f49eea1d5923c12eeae7d68620828418

SHA1
26250314ccdde6a84a9fe74da260e8b51cb725ba

SHA256
598932157239f017b9ee4259e52bcfab0265157f285b774d84a00741096a398e

SHA512
056a92c3952d538c765816d184822ef3e022319b680e2fed7c92bce03172ec79479c2f63ca12496122bfe709a586aa2a59c399e4d87556d0e5434d99c39dd627

Download Submit