a297f034e867de11234e9078b6dd1b02a0e44c76502c59970b52fce13659a124

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 22:55

Target

a297f034e867de11234e9078b6dd1b02a0e44c76502c59970b52fce13659a124.exe
Size

79KB
MD5

ea77a31e8cdad5212f4c23c77da31c6e
SHA1

93d4e3a1044d773b684f8ff09d45c0df6b7fc1dd
SHA256

a297f034e867de11234e9078b6dd1b02a0e44c76502c59970b52fce13659a124
SHA512

14f7f8f27a0f8c631f231db1fa8e33958ef2232c9e95356f86d5832e49cc88e785d3ced52550066f453ab64adcc0b9a78520821740310764e1603baa206a3585
SSDEEP

1536:zvaHKiJv03oWRP3OQA8AkqUhMb2nuy5wgIP0CSJ+5yJhB8GMGlZ5G:zvaH3o5+GdqU7uy5w9WMyHN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2528	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 340 wrote to memory of 100	340	a297f034e867de11234e9078b6dd1b02a0e44c76502c59970b52fce13659a124.exe	90
PID 340 wrote to memory of 100	340	a297f034e867de11234e9078b6dd1b02a0e44c76502c59970b52fce13659a124.exe	90
PID 340 wrote to memory of 100	340	a297f034e867de11234e9078b6dd1b02a0e44c76502c59970b52fce13659a124.exe	90
PID 100 wrote to memory of 2528	100	cmd.exe	91
PID 100 wrote to memory of 2528	100	cmd.exe	91
PID 100 wrote to memory of 2528	100	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\a297f034e867de11234e9078b6dd1b02a0e44c76502c59970b52fce13659a124.exe
"C:\Users\Admin\AppData\Local\Temp\a297f034e867de11234e9078b6dd1b02a0e44c76502c59970b52fce13659a124.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:340
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:100
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2528

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5ec43894340a802a9ecd98ba701338aa

SHA1
f35efe75c8bc13a919e9bb0a7d7796161f5173c3

SHA256
c530df0a534c162afc2769fda72fb375902b5eb170e421831601a1cf75c18b86

SHA512
a82e349799c259878b745b0d55e2bc3f4d1ed933c6c942459072b87a580898c5732fc57e0a87b29504550206d6385a824e4b602525d01c2455894161b1531b04

Download Submit
memory/340-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2528-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download