ced0025aeb64fe4c11a910fd7da165f1b828806f091a57641a893d0f792e77c4

Analysis

max time kernel
117s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 19:30

Target

c6b0aa8da354c093a2baa4fb7e6e68c8.exe
Size

88KB
MD5

c6b0aa8da354c093a2baa4fb7e6e68c8
SHA1

8f3d59c571cd8a321cd2689fe64e79ef03a9fd67
SHA256

ced0025aeb64fe4c11a910fd7da165f1b828806f091a57641a893d0f792e77c4
SHA512

edc95e038585171cb4c99b45a936a52f10ebaab1ac60820d15b8094d93077db2e119021d08af0712e7698374cc1dff36a4b8ff11e84c7c7e7812207e35a7504e
SSDEEP

1536:EU7ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIf9wYJOf:EqFfHgTWmCRkGbKGLeNTBf9c

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2548	2440	c6b0aa8da354c093a2baa4fb7e6e68c8.exe	30
PID 2440 wrote to memory of 2548	2440	c6b0aa8da354c093a2baa4fb7e6e68c8.exe	30
PID 2440 wrote to memory of 2548	2440	c6b0aa8da354c093a2baa4fb7e6e68c8.exe	30
PID 2440 wrote to memory of 2548	2440	c6b0aa8da354c093a2baa4fb7e6e68c8.exe	30

C:\Users\Admin\AppData\Local\Temp\c6b0aa8da354c093a2baa4fb7e6e68c8.exe
"C:\Users\Admin\AppData\Local\Temp\c6b0aa8da354c093a2baa4fb7e6e68c8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\622D.tmp\622E.tmp\622F.bat C:\Users\Admin\AppData\Local\Temp\c6b0aa8da354c093a2baa4fb7e6e68c8.exe"
  2⤵
  PID:2548

C:\Users\Admin\AppData\Local\Temp\622D.tmp\622E.tmp\622F.bat

Filesize
43B

MD5
09e63112a4e904afd607df91d50bfc11

SHA1
e409a4bf77d8fb26f1aa2c923ba6ce0e6a705695

SHA256
0f0c97eb7985cf8cf2842b4768e45ceeee85fd864f27b9ba0ee366767dfda45e

SHA512
d5d3a06129a487b61db6950b18cc9dd09cfe79ca3f91d8cc0fa897b7e34b824dfcdc3627d62a48165851e9e15c739949a5cd30348e7cc0ce42a10e5ab57a37a1

Download Submit