d058c9315fc0f28741570907ab4e13f8c368e4012a459976560adacf4e4c2b68

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 19:57

Target

AhMyth.exe
Size

77.8MB
MD5

4c9022cfd4a8ef4c2d15349c1d8a8a13
SHA1

083731d52f5d9a77a789e854ac2b7af9483590c9
SHA256

ee659fa884e817c3cdfe50868672a0ca376541b3e52457c406d37a8db7f5defa
SHA512

4f927c23082d811a75cab0d4c7b0b05d07bb640b3f0642d1c41992fc9ef394fe868b7362cca07ae4f3b00854a5b9a11976557e143565e5936f1890ee4e50aeb9
SSDEEP

393216:tjZ8iDLRCYHVFhyGZ+OFkjp0922Qg4wYzRWwdBybu8qWxaqliZ0GoJjw45QSCVJR:pH5rYkTxz2cTyWcL0sPdK3q9Es

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

AhMyth.exe

description	pid	process	target process
PID 4424 wrote to memory of 1236	4424	AhMyth.exe	AhMyth.exe
PID 4424 wrote to memory of 1236	4424	AhMyth.exe	AhMyth.exe
PID 4424 wrote to memory of 4400	4424	AhMyth.exe	AhMyth.exe
PID 4424 wrote to memory of 4400	4424	AhMyth.exe	AhMyth.exe

C:\Users\Admin\AppData\Local\Temp\AhMyth.exe
"C:\Users\Admin\AppData\Local\Temp\AhMyth.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4424

C:\Users\Admin\AppData\Local\Temp\AhMyth.exe
"C:\Users\Admin\AppData\Local\Temp\AhMyth.exe" --type=renderer --no-sandbox --primordial-pipe-token=BF8AF89C58FA201EA74E472C09D984D8 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --node-integration=true --hidden-page --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --service-request-channel-token=BF8AF89C58FA201EA74E472C09D984D8 --renderer-client-id=3 --mojo-platform-channel-handle=1912 /prefetch:1
2⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\AhMyth.exe
"C:\Users\Admin\AppData\Local\Temp\AhMyth.exe" --type=renderer --no-sandbox --primordial-pipe-token=2351D6977027186701E4EC120A9F8A36 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --node-integration=true --hidden-page --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --service-request-channel-token=2351D6977027186701E4EC120A9F8A36 --renderer-client-id=5 --mojo-platform-channel-handle=1924 /prefetch:1
2⤵
PID:4400