90e0d081a0014cf7ae16bf7a65c18ff848f9fa5e97fd82cdf931533ed419ae7e

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 10:39

Target

be66117562e7407349f760c24f2ce06e.exe
Size

189KB
MD5

be66117562e7407349f760c24f2ce06e
SHA1

eab641157b93c85a1167ae873f0070ccb5ecbc96
SHA256

90e0d081a0014cf7ae16bf7a65c18ff848f9fa5e97fd82cdf931533ed419ae7e
SHA512

3a5489972cedf1110fccf0a2d1c89c327a528eb0e5b5e3a59bce3044e7273472798222da6395c6d54d470b81a8700c87432fb32589d2b355f88e473386030b7c
SSDEEP

3072:7i/5O3+EdruLh5T0vsvfN73W1/11OytH0sp5+D6qShDRMf9rcjEVqgjv/p:+xO3+Edr+5QUXccaH02G6qa86jOjHp

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2696	ravsons.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2228	2696	WerFault.exe	95

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 2696	4000	be66117562e7407349f760c24f2ce06e.exe	95
PID 4000 wrote to memory of 2696	4000	be66117562e7407349f760c24f2ce06e.exe	95
PID 4000 wrote to memory of 2696	4000	be66117562e7407349f760c24f2ce06e.exe	95
PID 4000 wrote to memory of 4556	4000	be66117562e7407349f760c24f2ce06e.exe	101
PID 4000 wrote to memory of 4556	4000	be66117562e7407349f760c24f2ce06e.exe	101
PID 4000 wrote to memory of 4556	4000	be66117562e7407349f760c24f2ce06e.exe	101

C:\Users\Admin\AppData\Local\Temp\be66117562e7407349f760c24f2ce06e.exe
"C:\Users\Admin\AppData\Local\Temp\be66117562e7407349f760c24f2ce06e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Users\Admin\AppData\Local\Temp\ravsons.exe
  C:\Users\Admin\AppData\Local\Temp\ravsons.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
    3⤵
    - Program crash
    PID:2228
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ddmtrayk2.bat
  2⤵
  PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2696 -ip 2696
1⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=3136,i,3192284747741020952,1225278682167953346,262144 --variations-seed-version /prefetch:8
1⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\ddmtrayk2.bat

Filesize
182B

MD5
d09220a16c12777bec368482e0514a56

SHA1
9dd7d372d0eb5a0b0cd5c15470b53a7ef4e2c458

SHA256
9be83f98fc200661eb27158bf1255a8e4042889afbb53fc3a6783583f7e14426

SHA512
8072c722a34d82d7da0dd23e96e94dfb92b3b57c3d8d1aff1a0e6ffa8875eefa190654b9547ae37820374d23885799b319e9b53da974aacd5b731b6bcb4c238b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ravsons.exe

Filesize
100KB

MD5
679b974554505fdacd8c79eae2735664

SHA1
5975cbab2aae0c10e676dcc51f9cedef5db4413d

SHA256
d9be6be8ac93fc7e4d1469a97863e6d1b0501c03f5bdd82df4632a52aa5a2bc3

SHA512
653cc0755e0ce3bb448e10c5ac3f582b3a1d0aeeb6c1dc0ad586adfc500ca5b6a68bc0e0fd4bc9851d8c78448be1d149d3cc896d439627da2aeff13736ef1427

Download Submit
memory/2696-10-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4000-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4000-1-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/4000-13-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download