abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 22:11

Target

abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe
Size

79KB
MD5

9a13c55289e826574f6ee19133c15ec1
SHA1

088661a09bc25f62597c169dcfa8a6f5364457a5
SHA256

abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922
SHA512

5a46429f92232577c61edbb21c128823f548caf1c6b1828bfecd1c3a75dd6c3b4668282e9fcdcc9b1c35e15f4c7b205b1c0900b7df259a4481676e1ae2dc9042
SSDEEP

1536:zvhsB3L8IR1f1wOQA8AkqUhMb2nuy5wgIP0CSJ+5yXB8GMGlZ5G:zvKlL8IRJ1lGdqU7uy5w9WMyXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1360	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 940	4812	abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe	89
PID 4812 wrote to memory of 940	4812	abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe	89
PID 4812 wrote to memory of 940	4812	abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe	89
PID 940 wrote to memory of 1360	940	cmd.exe	90
PID 940 wrote to memory of 1360	940	cmd.exe	90
PID 940 wrote to memory of 1360	940	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe
"C:\Users\Admin\AppData\Local\Temp\abc0d00d696c1db1b226f747a944d108d72378fe31366773cc5fd132d4ed1922.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:940
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1360

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
09c430a9e610262fa30a6866e159d2de

SHA1
f71db97888c0f065da6125859f7d2e7d02dd11a1

SHA256
15790c6c8af00de57783f827451181c19666187ac9b351cddf947d93969b3fbb

SHA512
861f2beaa515d87657a81c81a42fa0a3d9ce6eec0d39374df3b7c01d921d7c04147b6742d1aa93ce1c0233acbe30b51b9cf4a50705466b3efaa9f3de2004f1b5

Download Submit
memory/1360-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4812-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download