3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 18:06

Target

3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe
Size

79KB
MD5

81f2a430351344558ab96b8389e253bd
SHA1

0cab280ab7094da984800124ae5196ae6960f4c9
SHA256

3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111
SHA512

51e6b3f7e7d0ef805b70d352ea1200a98874f5560ee010a04203972c2625723a4a48ee10ce795a1a997bced7717b5485579296716a1097819636f2c749943aa4
SSDEEP

1536:zvuE77Aou+e+OQA8AkqUhMb2nuy5wgIP0CSJ+5yxB8GMGlZ5G:zvuE7c+MGdqU7uy5w9WMyxN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3076	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 4168	1292	3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe	89
PID 1292 wrote to memory of 4168	1292	3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe	89
PID 1292 wrote to memory of 4168	1292	3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe	89
PID 4168 wrote to memory of 3076	4168	cmd.exe	90
PID 4168 wrote to memory of 3076	4168	cmd.exe	90
PID 4168 wrote to memory of 3076	4168	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe
"C:\Users\Admin\AppData\Local\Temp\3a493f38b6a91aea79f125262b08b0102a477e5f6addbf1a22ed1fe3cd00c111.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4168
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3076

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5448e4eb4db1e7564cd110e6b04c1e94

SHA1
81aa8d9cef9431bd022bcc54c13cc226060d0375

SHA256
2d48205b1ad3c08a16003b844814762e8da397ec6da087e6c83e11937e7a0a74

SHA512
6e007c186eb5ae9e41e4cb88ad9d75d6f413effbf96c3b7afec1ed3310658d4e2ff29f523235db2fb862a660b63ed5cdfd69b1bbb6e2f11f84d9dd825592e4de

Download Submit
memory/1292-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3076-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download