cbff78b6f753ee807c2763d108783a13e215f310386032789a1c48395782eb7e

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 02:13

Target

cbff78b6f753ee807c2763d108783a13e215f310386032789a1c48395782eb7e.exe
Size

79KB
MD5

79bf0121a7916824b22318f602be2519
SHA1

6c9b308046be20ee57c7d60b834cabb1d6844cb2
SHA256

cbff78b6f753ee807c2763d108783a13e215f310386032789a1c48395782eb7e
SHA512

84dc0157a18f2e505ed2a7a018c32809d4991f2c110c6a155f073256027c5e4cd45818cd98a1938fd37b2f873f883a0c279ec66649e3ea0fb1aae53876ae27c7
SSDEEP

1536:zvWXWFpRBOQA8AkqUhMb2nuy5wgIP0CSJ+5yAB8GMGlZ5G:zvZ7RwGdqU7uy5w9WMyAN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4924	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 2852	3624	cbff78b6f753ee807c2763d108783a13e215f310386032789a1c48395782eb7e.exe	89
PID 3624 wrote to memory of 2852	3624	cbff78b6f753ee807c2763d108783a13e215f310386032789a1c48395782eb7e.exe	89
PID 3624 wrote to memory of 2852	3624	cbff78b6f753ee807c2763d108783a13e215f310386032789a1c48395782eb7e.exe	89
PID 2852 wrote to memory of 4924	2852	cmd.exe	90
PID 2852 wrote to memory of 4924	2852	cmd.exe	90
PID 2852 wrote to memory of 4924	2852	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\cbff78b6f753ee807c2763d108783a13e215f310386032789a1c48395782eb7e.exe
"C:\Users\Admin\AppData\Local\Temp\cbff78b6f753ee807c2763d108783a13e215f310386032789a1c48395782eb7e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4924

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0b614a82fbe4313bfae9a723e5cabb0a

SHA1
2f454ce113f20a163cc55f4a54c600d11e8e3bce

SHA256
713751bcf894397bb779d2f71033481fa0547dc93f42b132e5c9da9c2a8fbfde

SHA512
8bce92c5e46c1b0e652b1605190c274cf3cc82117f48774529fc193e8b9c154bba80bcf01a17862982f61a7f73d98aca7340e5302701993645f6cde848751bb5

Download Submit
memory/3624-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4924-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download