d7f3b5aebc776777129320884547a2e0b91db2e4526f25d23b24503057064bf1

Analysis

max time kernel
29s
max time network
34s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27-03-2024 10:30

Target

lvi.exe
Size

1.6MB
MD5

2f24e8f824a6ddd81a991a2ab3b420b5
SHA1

08c4c0bdd3d7b41d45e3bf6fde12379568dac692
SHA256

d7f3b5aebc776777129320884547a2e0b91db2e4526f25d23b24503057064bf1
SHA512

d7ef8fa1f690cca97fff1910c4a9976f1fcb9e16e16cfe5d6f31652cad8c99c72e7aa921ba558ba11074ff717afb23148ec21758abc91a371175acdcd9f248ed
SSDEEP

24576:964ixYVYBNHpPBJ+JHDSzTx1cjHCq/AtAeSwNlWEIm0PHbe8T0uPKTyp:w4G+YBNHp5SHWzTv4roWBz5m0fbe8x

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1908	1584	lvi.exe	79
PID 1584 wrote to memory of 1908	1584	lvi.exe	79
PID 1908 wrote to memory of 2080	1908	cmd.exe	80
PID 1908 wrote to memory of 2080	1908	cmd.exe	80
PID 1908 wrote to memory of 3760	1908	cmd.exe	81
PID 1908 wrote to memory of 3760	1908	cmd.exe	81
PID 1908 wrote to memory of 564	1908	cmd.exe	82
PID 1908 wrote to memory of 564	1908	cmd.exe	82

C:\Users\Admin\AppData\Local\Temp\lvi.exe
"C:\Users\Admin\AppData\Local\Temp\lvi.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\lvi.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1908
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\lvi.exe" MD5
    3⤵
    PID:2080
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:3760
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:564