d7f3b5aebc776777129320884547a2e0b91db2e4526f25d23b24503057064bf1

Analysis

max time kernel
38s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 10:30

Target

lvi.exe
Size

1.6MB
MD5

2f24e8f824a6ddd81a991a2ab3b420b5
SHA1

08c4c0bdd3d7b41d45e3bf6fde12379568dac692
SHA256

d7f3b5aebc776777129320884547a2e0b91db2e4526f25d23b24503057064bf1
SHA512

d7ef8fa1f690cca97fff1910c4a9976f1fcb9e16e16cfe5d6f31652cad8c99c72e7aa921ba558ba11074ff717afb23148ec21758abc91a371175acdcd9f248ed
SSDEEP

24576:964ixYVYBNHpPBJ+JHDSzTx1cjHCq/AtAeSwNlWEIm0PHbe8T0uPKTyp:w4G+YBNHp5SHWzTv4roWBz5m0fbe8x

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 2460	3556	lvi.exe	95
PID 3556 wrote to memory of 2460	3556	lvi.exe	95
PID 2460 wrote to memory of 2300	2460	cmd.exe	96
PID 2460 wrote to memory of 2300	2460	cmd.exe	96
PID 2460 wrote to memory of 4516	2460	cmd.exe	98
PID 2460 wrote to memory of 4516	2460	cmd.exe	98
PID 2460 wrote to memory of 1768	2460	cmd.exe	100
PID 2460 wrote to memory of 1768	2460	cmd.exe	100

C:\Users\Admin\AppData\Local\Temp\lvi.exe
"C:\Users\Admin\AppData\Local\Temp\lvi.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\lvi.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\lvi.exe" MD5
    3⤵
    PID:2300
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4516
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1768