f2ba06696a0290098dede81c6d7f99cc0306d6f14a55bf8443f8d72df29b9177

Analysis

max time kernel
134s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 16:22

Target

SecuriteInfo.com.Variant.Midie.144704.8660.31773.exe
Size

4.6MB
MD5

287a1a2634590adac14dc6a6309c66d4
SHA1

2f6560e011210053c005fc65bb8d63825bd3e82d
SHA256

f2ba06696a0290098dede81c6d7f99cc0306d6f14a55bf8443f8d72df29b9177
SHA512

e969134d9a2f27aa5393f379dfa819d298322498f0bfbf52bfe20f43345fc49105b7e8e090a30add0b4e3bfd74399be530eb5155f3eac1785ce84c5ac5d7000d
SSDEEP

49152:obkvsXXWFU2F27jk5USYlzTacGmWcI3Fa89fac1JgW6yve:D9UZjtltI+

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 3960	4436	SecuriteInfo.com.Variant.Midie.144704.8660.31773.exe	90
PID 4436 wrote to memory of 3960	4436	SecuriteInfo.com.Variant.Midie.144704.8660.31773.exe	90

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Midie.144704.8660.31773.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Midie.144704.8660.31773.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Windows\System32\notepad.exe
  C:\Windows\System32\notepad.exe
  2⤵
  PID:3960

memory/4436-0-0x00007FF860870000-0x00007FF860A65000-memory.dmp

Filesize
2.0MB

Download
memory/4436-1-0x000001C0FF7E0000-0x000001C0FF7FA000-memory.dmp

Filesize
104KB

Download