c20e793c20589aaeafc2f53a4c78d0f7470d3d0e8f81d30af6e7ef5bb00b0aee

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 22:55

Target

c20e793c20589aaeafc2f53a4c78d0f7470d3d0e8f81d30af6e7ef5bb00b0aee.exe
Size

79KB
MD5

b992d27aed6cdf3311a11165f6edab77
SHA1

29996e84889c810b8b003a3db29e46a7f604468b
SHA256

c20e793c20589aaeafc2f53a4c78d0f7470d3d0e8f81d30af6e7ef5bb00b0aee
SHA512

6195388bafeb8ee1aedce7086301bd456c5431a28429a839aee9a2ee9c61691d5685e508bd0e1295789090683d1cb51a591322a03968abbfc9bd163288965eea
SSDEEP

1536:zvkUugKOznTotoDadOQA8AkqUhMb2nuy5wgIP0CSJ+5yLB8GMGlZ5G:zvJuVtfEGdqU7uy5w9WMyLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4076	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 2868	1492	c20e793c20589aaeafc2f53a4c78d0f7470d3d0e8f81d30af6e7ef5bb00b0aee.exe	90
PID 1492 wrote to memory of 2868	1492	c20e793c20589aaeafc2f53a4c78d0f7470d3d0e8f81d30af6e7ef5bb00b0aee.exe	90
PID 1492 wrote to memory of 2868	1492	c20e793c20589aaeafc2f53a4c78d0f7470d3d0e8f81d30af6e7ef5bb00b0aee.exe	90
PID 2868 wrote to memory of 4076	2868	cmd.exe	91
PID 2868 wrote to memory of 4076	2868	cmd.exe	91
PID 2868 wrote to memory of 4076	2868	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\c20e793c20589aaeafc2f53a4c78d0f7470d3d0e8f81d30af6e7ef5bb00b0aee.exe
"C:\Users\Admin\AppData\Local\Temp\c20e793c20589aaeafc2f53a4c78d0f7470d3d0e8f81d30af6e7ef5bb00b0aee.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4076

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9d44fc5d9443841e4534c6e102a2774b

SHA1
816d09b7c61bf3088b0bdcf809b35109b5f6b05a

SHA256
38394239b1959a11864fc266d122566112670945547aaf9ed0e38829bc6b12c8

SHA512
5b253cd9173fc1160c30d29c89c699ea4b425cc0c6d4340ac020ebcf735f1c0a375bde3b698fa8c4dbad3f01555c3f2631c0976fb211dd51b8abfc1585f67542

Download Submit
memory/1492-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4076-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download