ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 02:19

Target

ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe
Size

79KB
MD5

203639d3e32b02411021912a97472834
SHA1

bdd7867ccea56af4bb09ac084724c69ad76915d5
SHA256

ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe
SHA512

f53f566b1cfefbc53c1c7d51b7fecae33e4d680788ca63aa8933d60d00b21c4e1fd49fb9bf1f992b9b938673c51904d32d0c92c9a9ac1118b976b3ed24877e0e
SSDEEP

1536:zvKF4uRm+53CRfNducyOQA8AkqUhMb2nuy5wgIP0CSJ+5y5B8GMGlZ5G:zvNuAjGdqU7uy5w9WMy5N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4492	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 2228	3608	ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe	88
PID 3608 wrote to memory of 2228	3608	ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe	88
PID 3608 wrote to memory of 2228	3608	ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe	88
PID 2228 wrote to memory of 4492	2228	cmd.exe	89
PID 2228 wrote to memory of 4492	2228	cmd.exe	89
PID 2228 wrote to memory of 4492	2228	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe
"C:\Users\Admin\AppData\Local\Temp\ef03f896cb78b658cb19a8b4ce5d40f162294e8345ddf86e3cbe5ce5f988adfe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4492

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ff940ec83356b5b039240a9452344a13

SHA1
3d3728da745091477bc3eda208684d496a5f9424

SHA256
1661aa37abb31cf9bfc52f99819955e14fe88f711f0159731d29830cd079ce2b

SHA512
60dd0cbed544bce16034b6ff36b30fe0bf953666201cf2d505b392b0d02672797f8344a3234821c2bbdc3b732b9a80e9455d8dfd8c794471d2e19dbb70f651e1

Download Submit
memory/3608-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4492-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download