b6bfb36a5304b0c259b0338198a4655235b8874a4c03f863799bf71a4cf1b420

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 09:05

Target

b6bfb36a5304b0c259b0338198a4655235b8874a4c03f863799bf71a4cf1b420.exe
Size

79KB
MD5

90681c44d9b1c9ff828febcbbc033685
SHA1

459cd44059ce4b1ec95a5e7b38f2284334ccc1dd
SHA256

b6bfb36a5304b0c259b0338198a4655235b8874a4c03f863799bf71a4cf1b420
SHA512

7bba7323163219f21475d95ca89fd4230bfcae0b3facd0242f902df2839df6940c5013f540cc4f4f0cc5be32f4f6c3f3dc4fed264101be72653e75555fe16b44
SSDEEP

1536:zvSZgF4D2h9f+7nwEPFH8+5OQA8AkqUhMb2nuy5wgIP0CSJ+5yDB8GMGlZ5G:zvBhv2r+GdqU7uy5w9WMyDN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3196	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 4904	3308	b6bfb36a5304b0c259b0338198a4655235b8874a4c03f863799bf71a4cf1b420.exe	89
PID 3308 wrote to memory of 4904	3308	b6bfb36a5304b0c259b0338198a4655235b8874a4c03f863799bf71a4cf1b420.exe	89
PID 3308 wrote to memory of 4904	3308	b6bfb36a5304b0c259b0338198a4655235b8874a4c03f863799bf71a4cf1b420.exe	89
PID 4904 wrote to memory of 3196	4904	cmd.exe	90
PID 4904 wrote to memory of 3196	4904	cmd.exe	90
PID 4904 wrote to memory of 3196	4904	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\b6bfb36a5304b0c259b0338198a4655235b8874a4c03f863799bf71a4cf1b420.exe
"C:\Users\Admin\AppData\Local\Temp\b6bfb36a5304b0c259b0338198a4655235b8874a4c03f863799bf71a4cf1b420.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4904
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3196

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6a5ceeeea7edd14bc69c4b55d040e77d

SHA1
9a62059d67dd0aaf64f7791adbbe8c16d989e0c7

SHA256
1603f4482cd9be2ad2ec9f8a2bc2cc77225a778f639f3c8d7d7850b4e3ca52ad

SHA512
1c0310442b86227c3c470532c8fd964e3577d8804a7ed48658b97b4ecaad8edd77fc4cd715f0f789f3f5d923db2b42e38022085cb919d30360a1c4a4eddf8ffc

Download Submit
memory/3196-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3308-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download