cab83facd18dcfd2e8e50368c9608555c592ab31ce82174018a9f53727d4d117

Analysis

max time kernel
141s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 01:28

Target

bf7be684edd143fb2b70dcd0ffe11a58.exe
Size

744KB
MD5

bf7be684edd143fb2b70dcd0ffe11a58
SHA1

3f3911a0a59a27077e4c6d27bf12758d91cce6e0
SHA256

cab83facd18dcfd2e8e50368c9608555c592ab31ce82174018a9f53727d4d117
SHA512

b384e42fb89a06588f593df38272ff1841bfad582b45dfcc6f4b605b23b8c4b66fbb8b11a99c1d10eb016efa3e5c7c27dce32cc35ba2f7e4766648ee2632d97c
SSDEEP

12288:uaHc64b888888888888W888888888889jscV7TdjL47zdU5imqsX3sv33rD+zG/4:F86IIW7uvmQBsHUezG/aYFkJR30F6rpR

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4716	bf7be684edd143fb2b70dcd0ffe11a58.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	4	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 4716	436	bf7be684edd143fb2b70dcd0ffe11a58.exe	85
PID 436 wrote to memory of 4716	436	bf7be684edd143fb2b70dcd0ffe11a58.exe	85
PID 436 wrote to memory of 4716	436	bf7be684edd143fb2b70dcd0ffe11a58.exe	85

C:\Users\Admin\AppData\Local\Temp\bf7be684edd143fb2b70dcd0ffe11a58.exe
"C:\Users\Admin\AppData\Local\Temp\bf7be684edd143fb2b70dcd0ffe11a58.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:436
- C:\Users\Admin\AppData\Local\Temp\is-FLV3N.tmp\bf7be684edd143fb2b70dcd0ffe11a58.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-FLV3N.tmp\bf7be684edd143fb2b70dcd0ffe11a58.tmp" /SL5="$501CA,371795,121344,C:\Users\Admin\AppData\Local\Temp\bf7be684edd143fb2b70dcd0ffe11a58.exe"
  2⤵
  - Executes dropped EXE
  PID:4716

C:\Users\Admin\AppData\Local\Temp\is-FLV3N.tmp\bf7be684edd143fb2b70dcd0ffe11a58.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/436-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/436-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4716-5-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/4716-8-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4716-11-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download