1a3883660edf47d82d26f4dabd2d0300a167e09eed8d295f43255bea9a240324

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 22:49

Target

bd015fd07655df843a46a9176875b492.exe
Size

84KB
MD5

bd015fd07655df843a46a9176875b492
SHA1

3b6306793798fff18df515591f25fff87f00a949
SHA256

1a3883660edf47d82d26f4dabd2d0300a167e09eed8d295f43255bea9a240324
SHA512

39a5d349e4913040ac02faf444c556c64b4c0aee70a06e791b0ffeaf218fcb811acaf6471f1fd177bc08c87e8663a79e40eda8697ca1b047f60421f35fe7afcc
SSDEEP

1536:E07st5df0hl4M9lvJpDmNK6o9A9sw580CU1n6pNYwKz+f6YuhN/kYMIT9:EqSD0hl99pBJ9PwC0pMNYwKzW6YuhhkM

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4064	E.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 4064	3104	bd015fd07655df843a46a9176875b492.exe	89
PID 3104 wrote to memory of 4064	3104	bd015fd07655df843a46a9176875b492.exe	89
PID 3104 wrote to memory of 4064	3104	bd015fd07655df843a46a9176875b492.exe	89

C:\Users\Admin\AppData\Local\Temp\bd015fd07655df843a46a9176875b492.exe
"C:\Users\Admin\AppData\Local\Temp\bd015fd07655df843a46a9176875b492.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3104
- C:\E.exe
  foo
  2⤵
  - Executes dropped EXE
  PID:4064

C:\E.exe

Filesize
311KB

MD5
b346ef4629f3c969528654381101b3bb

SHA1
f4b5799e12cb07aeaee01ed406d397d493101a2d

SHA256
bd666bb1defd085f805de4a38200573befa225e5a624450cf5a2b6f36b4d91de

SHA512
cf36a019474dcdcf7f7a0a3b0e178943155eb0af9dcc3b8bdba16e4ddbdef32c6a906afdf9e46f7a084fb74995398ca02a2c9a89bffb73244836eb2fe24d34a8

Download Submit
memory/3104-5-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4064-4-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download