24d58b7b8ce41ec1f630881273cc5a7eb9f3974b71ebccc531c3ebc5aa63a439

Analysis

max time kernel
117s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 18:42

Target

24d58b7b8ce41ec1f630881273cc5a7eb9f3974b71ebccc531c3ebc5aa63a439.exe
Size

79KB
MD5

31e45ee3b44026a1b11f4826e25fb881
SHA1

9bd173cfedcc10057d6a0711c8e3726d5275f4a9
SHA256

24d58b7b8ce41ec1f630881273cc5a7eb9f3974b71ebccc531c3ebc5aa63a439
SHA512

d794d7f93e83b67553d9f76f8db7e1c6603cb8cccd342222d787a5eaa09e1d76b8ea50e5212d3f89d1b53d8b5f75bfc6c2b85be6748cd550180b48f0f6c87edf
SSDEEP

1536:zvPYITkR/PXhNiYiOQA8AkqUhMb2nuy5wgIP0CSJ+5y3B8GMGlZ5G:zvNWf6WGdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4396	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 1900	3556	24d58b7b8ce41ec1f630881273cc5a7eb9f3974b71ebccc531c3ebc5aa63a439.exe	85
PID 3556 wrote to memory of 1900	3556	24d58b7b8ce41ec1f630881273cc5a7eb9f3974b71ebccc531c3ebc5aa63a439.exe	85
PID 3556 wrote to memory of 1900	3556	24d58b7b8ce41ec1f630881273cc5a7eb9f3974b71ebccc531c3ebc5aa63a439.exe	85
PID 1900 wrote to memory of 4396	1900	cmd.exe	86
PID 1900 wrote to memory of 4396	1900	cmd.exe	86
PID 1900 wrote to memory of 4396	1900	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\24d58b7b8ce41ec1f630881273cc5a7eb9f3974b71ebccc531c3ebc5aa63a439.exe
"C:\Users\Admin\AppData\Local\Temp\24d58b7b8ce41ec1f630881273cc5a7eb9f3974b71ebccc531c3ebc5aa63a439.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4396

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
64b9f87f7387cc7e6bb1f653cf6b7205

SHA1
92fc1cd511bf5feb10d4d4c67ae110e7d9665f88

SHA256
0c361965c54f821bd9d8c97012eb9723a6c61d14444dc9ec0ce004b25db7893e

SHA512
e0fe2a50320d9af6c74e76ea149f0340abfad14e68fd8ba70b9b3b75e084a69a336b432c49ef5cd5ba2db9627cb2fab6bf2ef4702c50366de2c993dbecfbde63

Download Submit
memory/3556-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4396-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download