c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff

Analysis

max time kernel
120s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 23:57

Target

c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe
Size

79KB
MD5

25f14759c42111d16846293dfda5abab
SHA1

92e12ec8de614bc601868883159fea1b9815b1e4
SHA256

c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff
SHA512

0aebbb4f3a87522ccb632a757b67a5e8e419fe97772259b7c389e0251dc061b1dc57fdbb7a94b4f731bb3edab1410b3afcd686bf484850d888937e844d43a6d3
SSDEEP

1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yFB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyFN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3660	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 1900	3636	c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe	93
PID 3636 wrote to memory of 1900	3636	c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe	93
PID 3636 wrote to memory of 1900	3636	c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe	93
PID 1900 wrote to memory of 3660	1900	cmd.exe	94
PID 1900 wrote to memory of 3660	1900	cmd.exe	94
PID 1900 wrote to memory of 3660	1900	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe
"C:\Users\Admin\AppData\Local\Temp\c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:8
1⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
cf9037233719ccabbbe9c8eac9aba04f

SHA1
3694030ed63dec429c77554edbf69d3c562d3920

SHA256
99d5d461f6361aaf29d22555de6b8ad163583c31f5000d0ee270af9a6a812f01

SHA512
eedb03dfdb6127f6bbf41d53da2b1a8ec821c8cb16fe06f7411d63b79d3f43eb615e2c4abcfe3ac3dd28adacbd6b85c0d81e024cbffe7781e2add36329227c79

Download Submit
memory/3636-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3660-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download