8b5860620dd43e390ff52dec1ff13ed2fe229760087b855906b371524c669535

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 23:48

Target

8b5860620dd43e390ff52dec1ff13ed2fe229760087b855906b371524c669535.exe
Size

79KB
MD5

03e50821492e9375e73426aa9f57d139
SHA1

0f99e181ed49dbd81978c223014033e62ec54265
SHA256

8b5860620dd43e390ff52dec1ff13ed2fe229760087b855906b371524c669535
SHA512

43e00995e2bf0d17172bb3d4ee475977d6bd977feb333eabeb8989fedd5bfead731d5b3d878a050016710e0b7054e95d496ea5d57ea4711950e9d58fe3ec4ffd
SSDEEP

1536:zvK/rb8pXNBBGQcnn4OQA8AkqUhMb2nuy5wgIP0CSJ+5y0OmB8GMGlZ5G:zvK/r4dJdQndGdqU7uy5w9WMyON5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4356	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 1696	4968	8b5860620dd43e390ff52dec1ff13ed2fe229760087b855906b371524c669535.exe	85
PID 4968 wrote to memory of 1696	4968	8b5860620dd43e390ff52dec1ff13ed2fe229760087b855906b371524c669535.exe	85
PID 4968 wrote to memory of 1696	4968	8b5860620dd43e390ff52dec1ff13ed2fe229760087b855906b371524c669535.exe	85
PID 1696 wrote to memory of 4356	1696	cmd.exe	86
PID 1696 wrote to memory of 4356	1696	cmd.exe	86
PID 1696 wrote to memory of 4356	1696	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\8b5860620dd43e390ff52dec1ff13ed2fe229760087b855906b371524c669535.exe
"C:\Users\Admin\AppData\Local\Temp\8b5860620dd43e390ff52dec1ff13ed2fe229760087b855906b371524c669535.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4356

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
db2d67b6f517f7c9afa0e6321f3864a6

SHA1
83c9fa7c51bc51d0753e648a22047a0b02ede8a8

SHA256
7395f17e5f51a0553688e91c672ca1ab77f35fdc84f348e04e8d1ecde63c2baa

SHA512
504820d6944cf4a646775d12e82b57fdd924f1c8057c12eb584195443a02c01f189dc9ba9a546adf812a78015ce59cbc8b6755f1f9252308889e1caeeaad7249

Download Submit
memory/4356-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4968-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download