e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf

Analysis

max time kernel
137s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 01:00

Target

e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe
Size

79KB
MD5

26d050fcdda7a10c0b1a05ec965fea05
SHA1

6bef086fea3d86b145512903206f4cf27771ba92
SHA256

e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf
SHA512

f0daf7807bd19786e289710c2844a863cf758f244439e8922be0118a418ebc7cd56d7a978d17449625e71a94ac2dc8b7b9ba3f622bf6abb7e6b5f6e04ff2167e
SSDEEP

1536:zvFCi+hPMVazshHjic8OQA8AkqUhMb2nuy5wgIP0CSJ+5yvB8GMGlZ5G:zvFoh0ESDicJGdqU7uy5w9WMyvN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1208	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 2704	220	e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe	99
PID 220 wrote to memory of 2704	220	e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe	99
PID 220 wrote to memory of 2704	220	e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe	99
PID 2704 wrote to memory of 1208	2704	cmd.exe	100
PID 2704 wrote to memory of 1208	2704	cmd.exe	100
PID 2704 wrote to memory of 1208	2704	cmd.exe	100

C:\Users\Admin\AppData\Local\Temp\e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe
"C:\Users\Admin\AppData\Local\Temp\e8cca7cea21487e43112aab7856d9be86da79110fa782ae0c8db229e22205abf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:220
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3180 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ecd1e6421c10f7818f514e252a0bb5e2

SHA1
93223fb7156f3d21c8eb1bb991cf7dd4226ad816

SHA256
f2074f2eed6b9f671816f0af71651b5136951de7329f4536f46364d0b78b9845

SHA512
fabbef6578196ba835f907193c8864267f9e0a49e5b21df1aae82547216f5492ddd0a94abb0982434c3bd138ba7c92f9bb00b2920a007eb8521b367c534e1960

Download Submit
memory/220-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/220-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1208-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download