e150db23ee56731b4929283d8e7bc66ef2c4588c42dd1859b52a3ea5decc051b

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 01:50

Target

e150db23ee56731b4929283d8e7bc66ef2c4588c42dd1859b52a3ea5decc051b.exe
Size

79KB
MD5

89955e11042181f9c95b35ad8722185e
SHA1

60fe7d73e647c4cdac2af9d52ec28f00757ed24d
SHA256

e150db23ee56731b4929283d8e7bc66ef2c4588c42dd1859b52a3ea5decc051b
SHA512

1a97b73be527e01154240b497e11f652b4044573023246b13e53ff0446cfa64c6c85022bd15d67478fa7cd7ed0ff6a43490ddb6aeefdae48f268b77f8b444412
SSDEEP

1536:zvANfA7voIfaFOQA8AkqUhMb2nuy5wgIP0CSJ+5yBB8GMGlZ5G:zvANfvi9GdqU7uy5w9WMyBN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3844	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 1924	116	e150db23ee56731b4929283d8e7bc66ef2c4588c42dd1859b52a3ea5decc051b.exe	90
PID 116 wrote to memory of 1924	116	e150db23ee56731b4929283d8e7bc66ef2c4588c42dd1859b52a3ea5decc051b.exe	90
PID 116 wrote to memory of 1924	116	e150db23ee56731b4929283d8e7bc66ef2c4588c42dd1859b52a3ea5decc051b.exe	90
PID 1924 wrote to memory of 3844	1924	cmd.exe	91
PID 1924 wrote to memory of 3844	1924	cmd.exe	91
PID 1924 wrote to memory of 3844	1924	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\e150db23ee56731b4929283d8e7bc66ef2c4588c42dd1859b52a3ea5decc051b.exe
"C:\Users\Admin\AppData\Local\Temp\e150db23ee56731b4929283d8e7bc66ef2c4588c42dd1859b52a3ea5decc051b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1924
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3844

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
525aa6a10eb132948fe460a11da33cee

SHA1
115b056113651ad0044de79eec2a23fc4b5b28f5

SHA256
5821147a9b7ae0101c066653222b09d93dce976132ea23986c9491c31da8dbc4

SHA512
8ac22394aa9c3f03d70cb55755f9266e22d08d23e8cfae73011ab84172101565827d6ae063bb1e466654ff26013ad614eadf391d036b8abd758158b7562c6512

Download Submit
memory/116-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3844-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download