836d7ee402c7276d4f9a18a1af47391f118111f17787c87767780bb9bea5f56b

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2024, 08:33

Target

cd973740dfb49d2a0bf37833dac9107f.exe
Size

59KB
MD5

cd973740dfb49d2a0bf37833dac9107f
SHA1

9f9472f2a7a1b980d2609a1878390a9d7e6fb03c
SHA256

836d7ee402c7276d4f9a18a1af47391f118111f17787c87767780bb9bea5f56b
SHA512

81eb92868854454e3a32aa5f589805a90d810679e169cf5f39667d8a71e183d433b0842c9cf1312b413b21789d79925999bfd74f3220e31c889b84ff715d0504
SSDEEP

1536:wCKoLD+h/84UimkdxMxYdSByYJFsEMMP2R:wCKomy45Z2Y0ou3vy

Score

1^/10

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\donc:\d0ok3raddons.dat	cd973740dfb49d2a0bf37833dac9107f.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 3492	3272	cd973740dfb49d2a0bf37833dac9107f.exe	57
PID 3272 wrote to memory of 3492	3272	cd973740dfb49d2a0bf37833dac9107f.exe	57
PID 3272 wrote to memory of 3492	3272	cd973740dfb49d2a0bf37833dac9107f.exe	57
PID 3272 wrote to memory of 3492	3272	cd973740dfb49d2a0bf37833dac9107f.exe	57

memory/3272-0-0x0000000000400000-0x0000000000409960-memory.dmp

Filesize
38KB

Download
memory/3272-1-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3272-7-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3272-6-0x0000000000400000-0x0000000000409960-memory.dmp

Filesize
38KB

Download
memory/3492-2-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3492-3-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download