1660e9ecdf48fc9ae0d1c4884d028d37a8260ca196763374fccf5e416eb955cc

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 18:04

Target

1660e9ecdf48fc9ae0d1c4884d028d37a8260ca196763374fccf5e416eb955cc.exe
Size

79KB
MD5

a2befb57ab3a31fb4343c466322c9ef0
SHA1

104b11e7dd776a9d4f44860432ed2da8215244d7
SHA256

1660e9ecdf48fc9ae0d1c4884d028d37a8260ca196763374fccf5e416eb955cc
SHA512

af953e57e0e8045292c23ae5bb6a026ee40d4efe88721689997192628e98097331cb2f969c833684c477ae6c69c76d846bc70e0e526721dd6fdce0bf8cf40587
SSDEEP

1536:zvmha5/AT2nmBaWOQA8AkqUhMb2nuy5wgIP0CSJ+5yBfB8GMGlZ5G:zvmhu+2nBzGdqU7uy5w9WMyhN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2736	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 380	1592	1660e9ecdf48fc9ae0d1c4884d028d37a8260ca196763374fccf5e416eb955cc.exe	90
PID 1592 wrote to memory of 380	1592	1660e9ecdf48fc9ae0d1c4884d028d37a8260ca196763374fccf5e416eb955cc.exe	90
PID 1592 wrote to memory of 380	1592	1660e9ecdf48fc9ae0d1c4884d028d37a8260ca196763374fccf5e416eb955cc.exe	90
PID 380 wrote to memory of 2736	380	cmd.exe	91
PID 380 wrote to memory of 2736	380	cmd.exe	91
PID 380 wrote to memory of 2736	380	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\1660e9ecdf48fc9ae0d1c4884d028d37a8260ca196763374fccf5e416eb955cc.exe
"C:\Users\Admin\AppData\Local\Temp\1660e9ecdf48fc9ae0d1c4884d028d37a8260ca196763374fccf5e416eb955cc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:380
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2736

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0db4bb30663fcaed7f1c482e5b2bdea5

SHA1
07047a6397f0cf84f0e6fbd2d7e13e475f41df93

SHA256
3f526cb4017cdbe9c84d380eafaa7440455851700358a5a1ada01446e7668f17

SHA512
b37344971a5b8d3ff0ca55ccdbfa063fd67cbf81f231ef5575cd30327347b10236b7ab7d1a3e4dc18b01262ef3da0dc777883c312d38c2769addee72790a4ae6

Download Submit
memory/1592-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2736-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download