bcdd2a922ee15ffc1acbb0de6e5d0871fd47f19e54f8e50f22605c697cca2930

Analysis

max time kernel
149s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 19:22

Target

329a6ed6e8359a15d11e88b722b01164.exe
Size

41KB
MD5

329a6ed6e8359a15d11e88b722b01164
SHA1

4313712c35449000fc0c137f7a34ef661f9afb65
SHA256

bcdd2a922ee15ffc1acbb0de6e5d0871fd47f19e54f8e50f22605c697cca2930
SHA512

af2c1db3d98cdda0c59187820f220194f3e3256d079c35581edb8f31fb3cf6e4c3b1b19419f6f2f827a10b8ad2d534e7d24f66de5d9b418b55a6f54c278b97f2
SSDEEP

384:cRvJdqOxpqm5LpvmLwtCO/e0Ajj6AH2XWwBOdw65UBsU0BSfcCoIVvuy:ghUK3dIgCSJAvLiBOdP2Bd0Bccsv

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3520	gjxqk.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 3520	4792	329a6ed6e8359a15d11e88b722b01164.exe	86
PID 4792 wrote to memory of 3520	4792	329a6ed6e8359a15d11e88b722b01164.exe	86
PID 4792 wrote to memory of 3520	4792	329a6ed6e8359a15d11e88b722b01164.exe	86

C:\Users\Admin\AppData\Local\Temp\329a6ed6e8359a15d11e88b722b01164.exe
"C:\Users\Admin\AppData\Local\Temp\329a6ed6e8359a15d11e88b722b01164.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Users\Admin\AppData\Local\Temp\gjxqk.exe
  C:\Users\Admin\AppData\Local\Temp\gjxqk.exe
  2⤵
  - Executes dropped EXE
  PID:3520

C:\Users\Admin\AppData\Local\Temp\gjxqk.exe

Filesize
41KB

MD5
ce36a3fb93fba83540345883e747fb63

SHA1
9bb6bb214ba09bfd41f45f2467c2b29e67e73f07

SHA256
62637b9bc885efece5029b7c5878fd349968156ae617cc7988e7b9df1bc574d3

SHA512
0a2f754cfd5b5150a0ef2ab00b9b4664bbb61356336fda2138ffe728256e8cbb42da9dc07ce14e9305ec598f16a147aa5686575cf043b812b38c3dc06e025ffa

Download Submit
memory/3520-5-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4792-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download