ef25ca972778ecb0b7be6fa1553f24721852e4ec30cd27adb5e59023dd76b2cf

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2024 04:27

Target

2532-12-0x0000000000400000-0x000000000042F000-memory.exe
Size

188KB
MD5

a706cc42a0239adf5d45461382f34773
SHA1

46cff98407f17988b02f7331a62b8f17988e336d
SHA256

ef25ca972778ecb0b7be6fa1553f24721852e4ec30cd27adb5e59023dd76b2cf
SHA512

1c1418edf2586f0c335c38bd1a22fb1bf04f59001112197e368b4c0d2fde375067a5c51699ad8b4d8bd3d0dbb396f1b604045ec43b215f0d9403d88102dc3598
SSDEEP

3072:PmUHkiWHJoLJi38/sfn6aJ6klxyCRJ31kWfmMVP9DG4o:u+U8EiaJ6klxBJN+MVP9q4

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

2532-12-0x0000000000400000-0x000000000042F000-memory.exe

pid process

4280 2532-12-0x0000000000400000-0x000000000042F000-memory.exe
4280 2532-12-0x0000000000400000-0x000000000042F000-memory.exe

pid	process
4280	2532-12-0x0000000000400000-0x000000000042F000-memory.exe
4280	2532-12-0x0000000000400000-0x000000000042F000-memory.exe

C:\Users\Admin\AppData\Local\Temp\2532-12-0x0000000000400000-0x000000000042F000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\2532-12-0x0000000000400000-0x000000000042F000-memory.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4280

memory/4280-0-0x00000000018D0000-0x0000000001C1A000-memory.dmp

Filesize
3.3MB

Download