5002c6bb04935ffd0f6d5665f1669d1a72e98937d0decd19c320305056a20c54

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 21:31

Target

5002c6bb04935ffd0f6d5665f1669d1a72e98937d0decd19c320305056a20c54.exe
Size

79KB
MD5

31fd9bc5010092a7984262c7e584e253
SHA1

3f0e20402a1f69d20be17837654c73d1ebf8575f
SHA256

5002c6bb04935ffd0f6d5665f1669d1a72e98937d0decd19c320305056a20c54
SHA512

1ffe2c985f08ab739af36af8afc380e4fad74afb693c3a01eb0ed4752ff1ebc3fec152ff6645bdf301af7edfa19de79ae9bdb9d127a38137d1ff2553c213a8aa
SSDEEP

1536:zvgi65TibfbP/CYghOQA8AkqUhMb2nuy5wgIP0CSJ+5yUB8GMGlZ5G:zv5zzjgQGdqU7uy5w9WMyUN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1744	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 532	2488	5002c6bb04935ffd0f6d5665f1669d1a72e98937d0decd19c320305056a20c54.exe	89
PID 2488 wrote to memory of 532	2488	5002c6bb04935ffd0f6d5665f1669d1a72e98937d0decd19c320305056a20c54.exe	89
PID 2488 wrote to memory of 532	2488	5002c6bb04935ffd0f6d5665f1669d1a72e98937d0decd19c320305056a20c54.exe	89
PID 532 wrote to memory of 1744	532	cmd.exe	90
PID 532 wrote to memory of 1744	532	cmd.exe	90
PID 532 wrote to memory of 1744	532	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\5002c6bb04935ffd0f6d5665f1669d1a72e98937d0decd19c320305056a20c54.exe
"C:\Users\Admin\AppData\Local\Temp\5002c6bb04935ffd0f6d5665f1669d1a72e98937d0decd19c320305056a20c54.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1744

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
446426e971e8554374f68c620362a88b

SHA1
3c0a3c18adc62e3ab2c22b243d8940734041f18e

SHA256
9f27146e0e4ebfca3f8d6edcd010c86b89aed919ac36a4cf5b9cbff40328d772

SHA512
c8401e3115579a57fc4d7b43db9449a02d156306ac4655669b9e0ac0c1016da3fac0ec3cc9d8afd3c395e20a6f4670463a5d39dcab44e991d6ab7f5fb6435548

Download Submit
memory/1744-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2488-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download