f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 00:22

Target

f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe
Size

79KB
MD5

82176b350ec69741c12299d761b040d2
SHA1

dba440d4a4aeec93bfa89906dca8f8690424d9e5
SHA256

f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b
SHA512

8ba08c41c2106bf2bc20ccf11409429d256e898cd135eba5a2f105b70577a1bd9f8bf040d3e05a1591c1dd5e9a952db14d62af5a5cc824db500254db74ba2112
SSDEEP

1536:zvqrRgojWFT+eDOQA8AkqUhMb2nuy5wgIP0CSJ+5yEB8GMGlZ5G:zvCRkFT3iGdqU7uy5w9WMyEN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4020	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 3720	2216	f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe	89
PID 2216 wrote to memory of 3720	2216	f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe	89
PID 2216 wrote to memory of 3720	2216	f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe	89
PID 3720 wrote to memory of 4020	3720	cmd.exe	90
PID 3720 wrote to memory of 4020	3720	cmd.exe	90
PID 3720 wrote to memory of 4020	3720	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe
"C:\Users\Admin\AppData\Local\Temp\f68548599564a5748161bd72e251b41c80b17263347265473cedc65f5594951b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3720
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4020

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2a84275545809a88365eb27875cdc462

SHA1
a229b37784a75a3c16e5c3b3fb04378224f191a0

SHA256
cf84df2e6d93a41dfb225a24517a034e4e35dcfef3a80f300d86d0ff4391e5ee

SHA512
84b7d9624bce3fa2f09ff2ea222426e93aea1b0f2bb6835e117db92eea4b08750a2eeff3618398bc4375f9f127acf443a6063eaa332e3fa5afb7bb9062dd7586

Download Submit
memory/2216-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4020-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download