ff8b7a0408123d66dac0d983d9c5ce3c8beaf4ae885ac76b2857757a88dc4cb6

Analysis

max time kernel
139s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 01:00

Target

ff8b7a0408123d66dac0d983d9c5ce3c8beaf4ae885ac76b2857757a88dc4cb6.exe
Size

79KB
MD5

cc202f555fcf131432e8d9a20e2f551c
SHA1

b4c71bccfeca5078f7f5a59d14179eec923f03a8
SHA256

ff8b7a0408123d66dac0d983d9c5ce3c8beaf4ae885ac76b2857757a88dc4cb6
SHA512

d02fd940b57ca520508bed8deb0f23c70fda7707f06fa73815b3796d16148f546d88f082ef772607524898f4558347a163f2bc6b747f79e3d650f33d67114b0a
SSDEEP

1536:zveqMOWly+1LMS6T5S0KiOQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvevOW916TI0yGdqU7uy5w9WMyCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1400	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 4556	2364	ff8b7a0408123d66dac0d983d9c5ce3c8beaf4ae885ac76b2857757a88dc4cb6.exe	92
PID 2364 wrote to memory of 4556	2364	ff8b7a0408123d66dac0d983d9c5ce3c8beaf4ae885ac76b2857757a88dc4cb6.exe	92
PID 2364 wrote to memory of 4556	2364	ff8b7a0408123d66dac0d983d9c5ce3c8beaf4ae885ac76b2857757a88dc4cb6.exe	92
PID 4556 wrote to memory of 1400	4556	cmd.exe	93
PID 4556 wrote to memory of 1400	4556	cmd.exe	93
PID 4556 wrote to memory of 1400	4556	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\ff8b7a0408123d66dac0d983d9c5ce3c8beaf4ae885ac76b2857757a88dc4cb6.exe
"C:\Users\Admin\AppData\Local\Temp\ff8b7a0408123d66dac0d983d9c5ce3c8beaf4ae885ac76b2857757a88dc4cb6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4556
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1400

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
01b503cf460137eaa869dd628780e795

SHA1
52004ae0535d1beeea9b5602a8a5a5691b85d2c2

SHA256
46526597f56bf9feb5101ee1d5db8b41f96a3befaafcffcbadd54387adb7d621

SHA512
30ec8bc5c848ff0eeba7d5d524df2d2ca2c9d6281f56b79feb80bc3fd4ff30a779be6c4463848180a8b011e810ccf689d71e694129d23bc1b5cd6fa8e4809400

Download Submit
memory/1400-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2364-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download