ced0025aeb64fe4c11a910fd7da165f1b828806f091a57641a893d0f792e77c4

Analysis

max time kernel
156s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 19:30

Target

c6b0aa8da354c093a2baa4fb7e6e68c8.exe
Size

88KB
MD5

c6b0aa8da354c093a2baa4fb7e6e68c8
SHA1

8f3d59c571cd8a321cd2689fe64e79ef03a9fd67
SHA256

ced0025aeb64fe4c11a910fd7da165f1b828806f091a57641a893d0f792e77c4
SHA512

edc95e038585171cb4c99b45a936a52f10ebaab1ac60820d15b8094d93077db2e119021d08af0712e7698374cc1dff36a4b8ff11e84c7c7e7812207e35a7504e
SSDEEP

1536:EU7ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIf9wYJOf:EqFfHgTWmCRkGbKGLeNTBf9c

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 4340	4364	c6b0aa8da354c093a2baa4fb7e6e68c8.exe	88
PID 4364 wrote to memory of 4340	4364	c6b0aa8da354c093a2baa4fb7e6e68c8.exe	88

C:\Users\Admin\AppData\Local\Temp\c6b0aa8da354c093a2baa4fb7e6e68c8.exe
"C:\Users\Admin\AppData\Local\Temp\c6b0aa8da354c093a2baa4fb7e6e68c8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\7EE4.tmp\7EE5.tmp\7EE6.bat C:\Users\Admin\AppData\Local\Temp\c6b0aa8da354c093a2baa4fb7e6e68c8.exe"
  2⤵
  PID:4340

C:\Users\Admin\AppData\Local\Temp\7EE4.tmp\7EE5.tmp\7EE6.bat

Filesize
43B

MD5
09e63112a4e904afd607df91d50bfc11

SHA1
e409a4bf77d8fb26f1aa2c923ba6ce0e6a705695

SHA256
0f0c97eb7985cf8cf2842b4768e45ceeee85fd864f27b9ba0ee366767dfda45e

SHA512
d5d3a06129a487b61db6950b18cc9dd09cfe79ca3f91d8cc0fa897b7e34b824dfcdc3627d62a48165851e9e15c739949a5cd30348e7cc0ce42a10e5ab57a37a1

Download Submit