a5b8c38116dfacbbc3f50ffd938164481765f57c35975f0e8e63d8b94389e888

Analysis

max time kernel
69s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
16/04/2024, 17:09

Target

AbdiEXT.exe
Size

283KB
MD5

5cd731833eb6e072e88bad689fb1d874
SHA1

3cb11b77a66270cb3f28e6da5b03bc72b9d47cbf
SHA256

a5b8c38116dfacbbc3f50ffd938164481765f57c35975f0e8e63d8b94389e888
SHA512

62e30a556edf39e91df26b1d01b6cd121336ef8db976f9542707b223fd01bf599502ba1db6f7e232882eed9611464f90dd693ee9e387e7406b70d623e04aa7a8
SSDEEP

3072:uvhaQCIUE9tSzGnw6t1TdP7Br8WkA00FGxhwBO/DEueijaUV6x/JHtatnzv42P5r:K0QCMf1TTr8z0FuDvGes2Pqf8nuA

Score

1^/10

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 2144	956	AbdiEXT.exe	81
PID 956 wrote to memory of 2144	956	AbdiEXT.exe	81
PID 956 wrote to memory of 1464	956	AbdiEXT.exe	83
PID 956 wrote to memory of 1464	956	AbdiEXT.exe	83
PID 956 wrote to memory of 4928	956	AbdiEXT.exe	84
PID 956 wrote to memory of 4928	956	AbdiEXT.exe	84
PID 956 wrote to memory of 2172	956	AbdiEXT.exe	85
PID 956 wrote to memory of 2172	956	AbdiEXT.exe	85
PID 956 wrote to memory of 4196	956	AbdiEXT.exe	86
PID 956 wrote to memory of 4196	956	AbdiEXT.exe	86
PID 956 wrote to memory of 4620	956	AbdiEXT.exe	87
PID 956 wrote to memory of 4620	956	AbdiEXT.exe	87
PID 956 wrote to memory of 4064	956	AbdiEXT.exe	88
PID 956 wrote to memory of 4064	956	AbdiEXT.exe	88
PID 956 wrote to memory of 1148	956	AbdiEXT.exe	89
PID 956 wrote to memory of 1148	956	AbdiEXT.exe	89
PID 956 wrote to memory of 4476	956	AbdiEXT.exe	90
PID 956 wrote to memory of 4476	956	AbdiEXT.exe	90
PID 956 wrote to memory of 3540	956	AbdiEXT.exe	91
PID 956 wrote to memory of 3540	956	AbdiEXT.exe	91

C:\Users\Admin\AppData\Local\Temp\AbdiEXT.exe
"C:\Users\Admin\AppData\Local\Temp\AbdiEXT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color E
  2⤵
  PID:2144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 4
  2⤵
  PID:4620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 5
  2⤵
  PID:4064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 04
  2⤵
  PID:1148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 2
  2⤵
  PID:4476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color c
  2⤵
  PID:3540