95322b0c52a0f0cc269d9c3238773a30a1b66de572dc388899269f930a2bcc9c

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 20:12

Target

95322b0c52a0f0cc269d9c3238773a30a1b66de572dc388899269f930a2bcc9c.exe
Size

73KB
MD5

54f8e822ecdedca8f6d4cc322cd57cef
SHA1

6edd8cc8e1ba02733918586e7abc9be79ca21fe4
SHA256

95322b0c52a0f0cc269d9c3238773a30a1b66de572dc388899269f930a2bcc9c
SHA512

a963ece2def20bc107cdca0859a41bef1875a3a01660b4e277fa5314bee2b6e81cf648649bdd27f97bb335aa0bad4451b6c127ce412a0ab57a6c77a52d2a99e8
SSDEEP

1536:hblsfGqpK5QPqfhVWbdsmA+RjPFLC+e5ha0ZGUGf2g:hJseqpNPqfcxA+HFshaOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1540	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 4816	2668	95322b0c52a0f0cc269d9c3238773a30a1b66de572dc388899269f930a2bcc9c.exe	88
PID 2668 wrote to memory of 4816	2668	95322b0c52a0f0cc269d9c3238773a30a1b66de572dc388899269f930a2bcc9c.exe	88
PID 2668 wrote to memory of 4816	2668	95322b0c52a0f0cc269d9c3238773a30a1b66de572dc388899269f930a2bcc9c.exe	88
PID 4816 wrote to memory of 1540	4816	cmd.exe	89
PID 4816 wrote to memory of 1540	4816	cmd.exe	89
PID 4816 wrote to memory of 1540	4816	cmd.exe	89
PID 1540 wrote to memory of 4924	1540	[email protected]	90
PID 1540 wrote to memory of 4924	1540	[email protected]	90
PID 1540 wrote to memory of 4924	1540	[email protected]	90

C:\Users\Admin\AppData\Local\Temp\95322b0c52a0f0cc269d9c3238773a30a1b66de572dc388899269f930a2bcc9c.exe
"C:\Users\Admin\AppData\Local\Temp\95322b0c52a0f0cc269d9c3238773a30a1b66de572dc388899269f930a2bcc9c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4816
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1540
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4924

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
8f2a2ebacefef230056a8229d562e7dc

SHA1
b035c5a97bc3191e42aa5389269df60ad2b8245c

SHA256
a0bda2055a282c6cb719dca0e25ad1b898e77b503f4d31bd3d2c383f1cfa0e9a

SHA512
59612f52a842dae63cbb4e832cd95fafabe7cdd66448f02b12c10ea08149082689598020ab4dcd4515d86238b9ac3641296d1de476422af3b3f18188f567bb6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/1540-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2668-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download