Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
12/03/2024, 09:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c30b0bbad81350632d4c1f159834d999.exe
Resource
win7-20240221-en
10 signatures
150 seconds
Behavioral task
behavioral2
Sample
c30b0bbad81350632d4c1f159834d999.exe
Resource
win10v2004-20240226-en
2 signatures
150 seconds
General
-
Target
c30b0bbad81350632d4c1f159834d999.exe
-
Size
402KB
-
MD5
c30b0bbad81350632d4c1f159834d999
-
SHA1
ce059ee391aa495a203a7570cd3c3e300068dfdb
-
SHA256
0fb699b995c7844be905bde197f7ba9da846861a5030b1bbf15bf5a5cc9c460b
-
SHA512
99e56d2d052c7e85d384ab81320695a8f2fad9e2c2e447f18a0db4bc9008e16c2967037cc9901136eb53c7b69ab7a7875a129b664a7444bff18fb87564ea31f6
-
SSDEEP
12288:SfX25krtcNSYIgM2qmkllWvxgRs0QYm8LKt8832BZb0cTpcttI8X3vGs9ctM:SfX25krtcNSYIgMpu70kaK13SNX9it39
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 3700 c30b0bbad81350632d4c1f159834d999.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3700 wrote to memory of 220 3700 c30b0bbad81350632d4c1f159834d999.exe 90 PID 3700 wrote to memory of 220 3700 c30b0bbad81350632d4c1f159834d999.exe 90 PID 3700 wrote to memory of 220 3700 c30b0bbad81350632d4c1f159834d999.exe 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\c30b0bbad81350632d4c1f159834d999.exe"C:\Users\Admin\AppData\Local\Temp\c30b0bbad81350632d4c1f159834d999.exe"1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:3700 -
C:\Users\Admin\AppData\Local\Temp\c30b0bbad81350632d4c1f159834d999.exe"C:\Users\Admin\AppData\Local\Temp\c30b0bbad81350632d4c1f159834d999.exe"2⤵PID:220
-