a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 22:05

Target

a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe
Size

79KB
MD5

01ca5daff1b4679bf21d8ffe1998e900
SHA1

eee501048a9cd78bf68bf109824ae025b9786d01
SHA256

a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869
SHA512

5c39ccd69d6af5d3242a85ca3ca5b1e600e7acfc1e2b455dd35254efbd8440c5a381b04b48a8c62d6dcdd5e08d359757050ce2d704c218ec3bd9391add18f077
SSDEEP

1536:zvNtttF470FN/OQA8AkqUhMb2nuy5wgIP0CSJ+5yD22B8GMGlZ5G:zvF470FgGdqU7uy5w9WMyD22N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2672	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 3808	1760	a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe	90
PID 1760 wrote to memory of 3808	1760	a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe	90
PID 1760 wrote to memory of 3808	1760	a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe	90
PID 3808 wrote to memory of 2672	3808	cmd.exe	91
PID 3808 wrote to memory of 2672	3808	cmd.exe	91
PID 3808 wrote to memory of 2672	3808	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe
"C:\Users\Admin\AppData\Local\Temp\a7c6bb6f5d9b23c4ec66e9ee012debc4dce402d47d24d9af38709ef3efa1d869.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3808
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2672

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bb3364b04d07257b5bcd5d74d74bf1be

SHA1
f0f9644a2a067db75ab71f0d18df5f40af4b1854

SHA256
c694443dbf1e4d0a11f4ca9c1a720a5443ed340433925f5e0131e259c21b276d

SHA512
e336bc6d9437fa6a9a773529663026463733baa1563fd289e234769b9940590cd3e369e433143dcf7e45c358412cbd7e9fb67abfc3cdef491ced977ce9292b42

Download Submit
memory/1760-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2672-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download