353fcf3d84eee443c8ead11c332dc713126203235fc797c9eb262aba0a83c258

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 19:22

Target

353fcf3d84eee443c8ead11c332dc713126203235fc797c9eb262aba0a83c258.exe
Size

79KB
MD5

2082fefcf694a246bfe26663abd3a32a
SHA1

8c275becb1a525be32434b60254993555d991f3e
SHA256

353fcf3d84eee443c8ead11c332dc713126203235fc797c9eb262aba0a83c258
SHA512

9a89fc094969c913dcaa2c12af826b19df7c8696c2a3e9e64867ed3f26647553acf3d21c01fb2f1a8c9c80a9b905ea0aa30684c28d943d4d7b9de4e6e7bb001c
SSDEEP

1536:zvlhoiHiPFWDJOQA8AkqUhMb2nuy5wgIP0CSJ+5ycB8GMGlZ5G:zvVCd/GdqU7uy5w9WMycN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
5108	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 3992	212	353fcf3d84eee443c8ead11c332dc713126203235fc797c9eb262aba0a83c258.exe	98
PID 212 wrote to memory of 3992	212	353fcf3d84eee443c8ead11c332dc713126203235fc797c9eb262aba0a83c258.exe	98
PID 212 wrote to memory of 3992	212	353fcf3d84eee443c8ead11c332dc713126203235fc797c9eb262aba0a83c258.exe	98
PID 3992 wrote to memory of 5108	3992	cmd.exe	100
PID 3992 wrote to memory of 5108	3992	cmd.exe	100
PID 3992 wrote to memory of 5108	3992	cmd.exe	100

C:\Users\Admin\AppData\Local\Temp\353fcf3d84eee443c8ead11c332dc713126203235fc797c9eb262aba0a83c258.exe
"C:\Users\Admin\AppData\Local\Temp\353fcf3d84eee443c8ead11c332dc713126203235fc797c9eb262aba0a83c258.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3992
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4000 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fba3bc0621a10ce5486a507f0cfb68a9

SHA1
080933e6ee8512daa118b9cd1c7a6abb77e7b830

SHA256
10fd91c01b7469e2e73d63902fd1ec078e3327a10d48c2f29d81eb9a79a865e6

SHA512
485d5d400420617ff4cbdc6dda4bee4835aecf2d921e110dd9d8870209bc0c83d55706474d2b4cbfe18c84a69d106c900350c05bdd322063f22da6479aa40733

Download Submit
memory/212-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5108-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download