dfdf829f1488abc87b8cb5ec93ecf700f53ed5c675341ba03a0b371f1750db8b

Analysis

max time kernel
93s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 03:46

Target

dfdf829f1488abc87b8cb5ec93ecf700f53ed5c675341ba03a0b371f1750db8b.exe
Size

79KB
MD5

698966abad29f6c7f2441ee7c492aad7
SHA1

b3b8399cd3827a8e67c3310ac0ff262a8010fb00
SHA256

dfdf829f1488abc87b8cb5ec93ecf700f53ed5c675341ba03a0b371f1750db8b
SHA512

15dc21741a17ac77922fb9d24ce8d274e808b0dbd6fb15b8bdba4872f02f787a655074ef5a1b3acc1456434b19988a2dea1b0c632b0041c77bddf4c46dcd65c4
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5yMB8GMGlZ5G:zv652PjGdqU7uy5w9WMyMN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
228	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 464	3500	dfdf829f1488abc87b8cb5ec93ecf700f53ed5c675341ba03a0b371f1750db8b.exe	85
PID 3500 wrote to memory of 464	3500	dfdf829f1488abc87b8cb5ec93ecf700f53ed5c675341ba03a0b371f1750db8b.exe	85
PID 3500 wrote to memory of 464	3500	dfdf829f1488abc87b8cb5ec93ecf700f53ed5c675341ba03a0b371f1750db8b.exe	85
PID 464 wrote to memory of 228	464	cmd.exe	86
PID 464 wrote to memory of 228	464	cmd.exe	86
PID 464 wrote to memory of 228	464	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\dfdf829f1488abc87b8cb5ec93ecf700f53ed5c675341ba03a0b371f1750db8b.exe
"C:\Users\Admin\AppData\Local\Temp\dfdf829f1488abc87b8cb5ec93ecf700f53ed5c675341ba03a0b371f1750db8b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:464
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:228

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
234db61461e34f2195129c74533ac260

SHA1
2e68b1284211d6c4fac970d1c23057df12588efd

SHA256
7dadf14ec4e4123f723d118d98549986b140cc03a6e45e4c16a4cb501ede95e5

SHA512
b73bcd76a905599e3c4aaa77191b09b1eb2d12c5da00a26d17aa5b5eb5d89074e7a0c2f103a6542cb91ff5a2c3a40d5b88a020e17e648c9cf871ad86bfa60871

Download Submit
memory/228-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3500-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download