a9d9cbabecf91a029e1903453490540a5f00b7e9a3c6e0083969222238c19c4a

Analysis

max time kernel
156s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 22:25

Target

a9d9cbabecf91a029e1903453490540a5f00b7e9a3c6e0083969222238c19c4a.exe
Size

79KB
MD5

b3cf6418a22efe05ea15c8b2227cc1da
SHA1

ba57d6df317ba3f42591c99da52889493aa9a333
SHA256

a9d9cbabecf91a029e1903453490540a5f00b7e9a3c6e0083969222238c19c4a
SHA512

ec403501c0cd9aa4acedf4127c2b1b7a7314584e40f7d640e043aad701af026984e8750b8aaca8c452f4509b492ed5bde68d1902164a020e7dd6b74f8ecad3d8
SSDEEP

1536:zvUaySa+bHSOR6POQA8AkqUhMb2nuy5wgIP0CSJ+5yQB8GMGlZ5G:zv6wHn6mGdqU7uy5w9WMyQN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2252	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 2920	4112	a9d9cbabecf91a029e1903453490540a5f00b7e9a3c6e0083969222238c19c4a.exe	99
PID 4112 wrote to memory of 2920	4112	a9d9cbabecf91a029e1903453490540a5f00b7e9a3c6e0083969222238c19c4a.exe	99
PID 4112 wrote to memory of 2920	4112	a9d9cbabecf91a029e1903453490540a5f00b7e9a3c6e0083969222238c19c4a.exe	99
PID 2920 wrote to memory of 2252	2920	cmd.exe	100
PID 2920 wrote to memory of 2252	2920	cmd.exe	100
PID 2920 wrote to memory of 2252	2920	cmd.exe	100

C:\Users\Admin\AppData\Local\Temp\a9d9cbabecf91a029e1903453490540a5f00b7e9a3c6e0083969222238c19c4a.exe
"C:\Users\Admin\AppData\Local\Temp\a9d9cbabecf91a029e1903453490540a5f00b7e9a3c6e0083969222238c19c4a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a8552b0777b7f7227ae89213fd2eaa96

SHA1
bc08a4717b3b0b66d775933653ebbd6853243d99

SHA256
265d625116660218f8486be44b141476b4680f30bbc5ba9e144c3cc3eba27815

SHA512
f118d88b41b5e6b559e4df427b92aade29d51c96a45c6a32ea9f49534007d9e7fc558ea783c2d1c04de0b7a0b451f412520ab91287ad2783467396d6c3cb2f9a

Download Submit
memory/2252-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4112-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download