e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 00:54

Target

e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe
Size

79KB
MD5

dad2459a60d91b62b4b14c5b0c442376
SHA1

5619a24a82dcd963964214db05d7a590b6c45510
SHA256

e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef
SHA512

cca1952c9be72bfb543b11854ef875b9fd3d301bba4f19f0b238f8350f2789da5ee1adb8237b6896f2a4e3b782142c61ea8383663ecabe94dbd138c7b720d5e3
SSDEEP

1536:zvlrnEoGXoOQA8AkqUhMb2nuy5wgIP0CSJ+5ysB8GMGlZ5G:zvlrEoGXtGdqU7uy5w9WMysN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1420	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 4848	4800	e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe	89
PID 4800 wrote to memory of 4848	4800	e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe	89
PID 4800 wrote to memory of 4848	4800	e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe	89
PID 4848 wrote to memory of 1420	4848	cmd.exe	90
PID 4848 wrote to memory of 1420	4848	cmd.exe	90
PID 4848 wrote to memory of 1420	4848	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe
"C:\Users\Admin\AppData\Local\Temp\e60f2fb100447dd9238a7dea33ee9f8f76dccecd47b68a4f56bbce35f9fdfdef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1420

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4f4fb03e102f2bc448ba24cef4ed9ed7

SHA1
d8b37c226b8de0da0d40f36a6ab6ef979c363c16

SHA256
4d7f7eaa2df931f3a5a12e64e0191cf93ea1ddfb987a679a75968acdfb68b5c0

SHA512
0f4de36fbac9d7dccb3d187e22e927bd49844f858795b71066349f301cdaadcb8a4331dfe721842511613561aa6702b1caef8cfffb386d886580fccb625f81f7

Download Submit
memory/1420-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4800-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download