b50455e8904d26bfa420e1f5026f490072dd1023862c753097cc488763bc9cce

Analysis

max time kernel
92s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 22:30

Target

b50455e8904d26bfa420e1f5026f490072dd1023862c753097cc488763bc9cce.exe
Size

79KB
MD5

08aa9ec98b3e2cb8b0395f32aa9f98eb
SHA1

70b8b88c3ee0894476468dac019e46545c547f3b
SHA256

b50455e8904d26bfa420e1f5026f490072dd1023862c753097cc488763bc9cce
SHA512

bb6a9fbb78937374bf910f3877df0e17df74e392337046c4676b4318870e8de25cd459f72308d4003b8e588c55de60e693a962b7b9921fb1ab4cf7d7a46fb0d5
SSDEEP

1536:zvE5G5t11t9aOQA8AkqUhMb2nuy5wgIP0CSJ+5y1B8GMGlZ5G:zvH5VtBGdqU7uy5w9WMy1N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4288	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 2288	3972	b50455e8904d26bfa420e1f5026f490072dd1023862c753097cc488763bc9cce.exe	85
PID 3972 wrote to memory of 2288	3972	b50455e8904d26bfa420e1f5026f490072dd1023862c753097cc488763bc9cce.exe	85
PID 3972 wrote to memory of 2288	3972	b50455e8904d26bfa420e1f5026f490072dd1023862c753097cc488763bc9cce.exe	85
PID 2288 wrote to memory of 4288	2288	cmd.exe	86
PID 2288 wrote to memory of 4288	2288	cmd.exe	86
PID 2288 wrote to memory of 4288	2288	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\b50455e8904d26bfa420e1f5026f490072dd1023862c753097cc488763bc9cce.exe
"C:\Users\Admin\AppData\Local\Temp\b50455e8904d26bfa420e1f5026f490072dd1023862c753097cc488763bc9cce.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4288

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
38642c4e76bbcbcdc56d19800f92ff1d

SHA1
8eec75f8468ecb5c7c757ffe950943e44ffaf051

SHA256
df02208135d892a58bf79be03a9846f7752448e80a276d65ce75a58e01d0d93e

SHA512
9733b10ccec29727c2ae55e73efdb2760542485641bd33d72509a43a0b377e69865556e8864b229e17dd8a53b5be763174fd261620dcbab4f04953ad9c4179da

Download Submit
memory/3972-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4288-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download