7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 21:28

Target

7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe
Size

79KB
MD5

e4198d1174a379a357960b4b302b528d
SHA1

b887a88c4eed71f684d3cd080c4d456ff7f172a8
SHA256

7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d
SHA512

d30f8685d489030cdb24335c0a4f4f2b6f5d139aad945b5548f16922726b4b5c8e4352f85a8ec22f5b74c9e59d5c9652f9e0716c33169a36ce9399ba6141fd4f
SSDEEP

1536:zvWFMiUFK780JWTnOQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvWF3UFK78p6GdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2176	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 4000	4320	7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe	90
PID 4320 wrote to memory of 4000	4320	7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe	90
PID 4320 wrote to memory of 4000	4320	7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe	90
PID 4000 wrote to memory of 2176	4000	cmd.exe	91
PID 4000 wrote to memory of 2176	4000	cmd.exe	91
PID 4000 wrote to memory of 2176	4000	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe
"C:\Users\Admin\AppData\Local\Temp\7a20f9b522a04a9a853d72577a81f59ca3c05a10249a46820b879e4d59aed12d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2176

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d28c09edd03f7ae1dce3e8c673c7d4d4

SHA1
de7d83c2183dcfc5c98f5ef3bdf3dc66879c8a53

SHA256
f26f128479f43a801036c202ba137b9e52397a6200da00b8de36a0f0d543be8d

SHA512
4a555f71ec40401177eee7695d571a668cf830e2bc8263a824c87949fb054add9df2e58f1fb8bb81a285154f4383c370166ec2dfeb98565e53ae2cc9d86cd3ff

Download Submit
memory/2176-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4320-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download