94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 02:36

Target

94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7.exe
Size

472KB
MD5

8f28e6e7cbb26e8fea9f4159d066d5c2
SHA1

cd56b84d780ff97e7a3a4097d7f74b449a8813e0
SHA256

94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7
SHA512

2beac9410fae0ef2f16af15297856ea5f81f684583a7527449c03f045bd24ce6d33eca3623652c6d660bf412b37a92d1ec09106666753bc77942edc1ada8f34b
SSDEEP

12288:0qdiSGLLpiP53YQREUOzBunZTfueIPdBV4m+ieY:5iJLFiFYAEXzB2ZzgFr4Bie

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7.exe

description	pid	process	target process
PID 884 wrote to memory of 2004	884	94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7.exe	cmd.exe
PID 884 wrote to memory of 2004	884	94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7.exe	cmd.exe
PID 884 wrote to memory of 2004	884	94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7.exe	cmd.exe
PID 884 wrote to memory of 2004	884	94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7.exe
"C:\Users\Admin\AppData\Local\Temp\94007c8b546d0dc4f027648b7387172b8da85ce2975e935f44dc3f36417d0ca7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c color c2
  2⤵
  PID:2004