a1fe1cd7c637fbb1c24d0fecf237f378eea2b2c7f4ea6d0be198c8a92643d3de

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 21:38

Target

a1fe1cd7c637fbb1c24d0fecf237f378eea2b2c7f4ea6d0be198c8a92643d3de.exe
Size

79KB
MD5

16702c1806d070fd9ffcbec53bfc4df9
SHA1

47a367912312ee85d906cef6629498fb10faf2fa
SHA256

a1fe1cd7c637fbb1c24d0fecf237f378eea2b2c7f4ea6d0be198c8a92643d3de
SHA512

676fb4bde697455e7a021d1635c9001f0052c39374b116353abc16933b41e41683376a1bd1610393f53276c353294da1624729556380562ddca3e080b61507dd
SSDEEP

1536:zvtCL7dPmK9gv/OQA8AkqUhMb2nuy5wgIP0CSJ+5y/B8GMGlZ5G:zvt+uKa2GdqU7uy5w9WMy/N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
624	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 672	1020	a1fe1cd7c637fbb1c24d0fecf237f378eea2b2c7f4ea6d0be198c8a92643d3de.exe	89
PID 1020 wrote to memory of 672	1020	a1fe1cd7c637fbb1c24d0fecf237f378eea2b2c7f4ea6d0be198c8a92643d3de.exe	89
PID 1020 wrote to memory of 672	1020	a1fe1cd7c637fbb1c24d0fecf237f378eea2b2c7f4ea6d0be198c8a92643d3de.exe	89
PID 672 wrote to memory of 624	672	cmd.exe	90
PID 672 wrote to memory of 624	672	cmd.exe	90
PID 672 wrote to memory of 624	672	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\a1fe1cd7c637fbb1c24d0fecf237f378eea2b2c7f4ea6d0be198c8a92643d3de.exe
"C:\Users\Admin\AppData\Local\Temp\a1fe1cd7c637fbb1c24d0fecf237f378eea2b2c7f4ea6d0be198c8a92643d3de.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:672
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:624

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
735b7782f4c9b85a2afbbbbe852753cf

SHA1
c328f2b746f013a70ccf3d96669f7da5428f8e9e

SHA256
9139669619598516d92e209e248db263ec31533426bf64bf5e9fee233d53b5c7

SHA512
c1fdedb3d39af14303832bd748c03d319d1c352d938c3e650f0ce2bcc7e0c000dd485b363e8b7f0befbaded083588bdf61916f244574dad3ae93c989334b592f

Download Submit
memory/624-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1020-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download