ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951

Analysis

max time kernel
92s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 00:08

Target

ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe
Size

79KB
MD5

6ca49604e4c1b41edfcda70f9592a976
SHA1

9bcdda5d66272345c900938b384abc3505ef0702
SHA256

ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951
SHA512

d3aba5527e801054598c8d557d58af15eaec0d6d10d41084270c08ba3a75a93a13c2c037315a1aa51b4d84aab5544b91a0b9eecc737a25f07836e470560f349d
SSDEEP

1536:zvl6vjpRmTZNk/OQA8AkqUhMb2nuy5wgIP0CSJ+5yMltB8GMGlZ5G:zvgvjpYZNk2GdqU7uy5w9WMyMXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4144	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 1036	2300	ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe	86
PID 2300 wrote to memory of 1036	2300	ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe	86
PID 2300 wrote to memory of 1036	2300	ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe	86
PID 1036 wrote to memory of 4144	1036	cmd.exe	87
PID 1036 wrote to memory of 4144	1036	cmd.exe	87
PID 1036 wrote to memory of 4144	1036	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe
"C:\Users\Admin\AppData\Local\Temp\ee7fbb8c4ff4fdb7c31f9a7a728987a7ad66483ecedc8973eedc0250bde11951.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1036
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4144

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fd25115ed53010b7dddd5d7fee181ade

SHA1
3deb6cbc23f40a451a17ca0df00cb11b3cf4059a

SHA256
0de8253ac6c9f6ca6ee0134a2c1395f67b55201c43624bcbefcb8794085fcb86

SHA512
670bc48a80d747285505aee52c08d22e361468205fdbca1cf7298b6d93b4c4c765878c4337a6a6baf5dfa8473fb00797791e55e9218dd4494124f55db6342dce

Download Submit
memory/2300-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4144-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download