78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 21:41

Target

78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe
Size

73KB
MD5

087034c72e78bf8713ed833d408781fc
SHA1

eaa037b11bb20f85e8fc808da00c23fa98da3490
SHA256

78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02
SHA512

ee9ffc50a1f909fe803483907f08aa78f31b53e696d6e7828831ab0cec7ec2c90da36e3e93a3fb663ba83a0ead7fdf235e01cedd68986148e2992a17d14041e3
SSDEEP

1536:hb43rAq3XzfK5QPqfhVWbdsmA+RjPFLC+e5hH0ZGUGf2g:hczHzNPqfcxA+HFshHOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1436	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 4216	2360	78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe	88
PID 2360 wrote to memory of 4216	2360	78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe	88
PID 2360 wrote to memory of 4216	2360	78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe	88
PID 4216 wrote to memory of 1436	4216	cmd.exe	89
PID 4216 wrote to memory of 1436	4216	cmd.exe	89
PID 4216 wrote to memory of 1436	4216	cmd.exe	89
PID 1436 wrote to memory of 4272	1436	[email protected]	90
PID 1436 wrote to memory of 4272	1436	[email protected]	90
PID 1436 wrote to memory of 4272	1436	[email protected]	90

C:\Users\Admin\AppData\Local\Temp\78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe
"C:\Users\Admin\AppData\Local\Temp\78868f9017cf681cf5edc55e5ff62a57a951e9f6a820dda4082d7bef69b74a02.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4216
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1436
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4272

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
91addcf40a1393b0dc862721e3134b6c

SHA1
39666e448aac64900113621efd40f20877e62019

SHA256
90e15e4bb41cadd3e691dabc2ac610573884dbc0ea1525ae4789f6da44474764

SHA512
f4c948bc12ae9760f2e6a047da5cca091f89a508500cd7cffe3ee716dd6a130bb171ea54f344e704c6f7a2470a65bcd3939356c2b5cee5f97deb7db1c3d04d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/1436-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1436-9-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2360-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2360-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download