c1ba737269e818d9801d57cb20cdd87deeda99467e06b175e7c170321fd1e844

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 03:54

Target

c1ba737269e818d9801d57cb20cdd87deeda99467e06b175e7c170321fd1e844.exe
Size

79KB
MD5

995978792170d320832af40ca37f6026
SHA1

72412b15de6f2c4c2767fb1ce305b5cb7cf99e43
SHA256

c1ba737269e818d9801d57cb20cdd87deeda99467e06b175e7c170321fd1e844
SHA512

bfbebd66cf86dcf74ea3840996fa5ddb4e636ced1627f28523bca7bf7452f56fc8a3912c745613bdf3495111b96cf267574c9c9c8f67d728292ed0b87ad8b1b3
SSDEEP

1536:zvoO0/7E2BzTQTFOQA8AkqUhMb2nuy5wgIP0CSJ+5ytB8GMGlZ5G:zvL0/Y2lTQTcGdqU7uy5w9WMytN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3292	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 904	2624	c1ba737269e818d9801d57cb20cdd87deeda99467e06b175e7c170321fd1e844.exe	85
PID 2624 wrote to memory of 904	2624	c1ba737269e818d9801d57cb20cdd87deeda99467e06b175e7c170321fd1e844.exe	85
PID 2624 wrote to memory of 904	2624	c1ba737269e818d9801d57cb20cdd87deeda99467e06b175e7c170321fd1e844.exe	85
PID 904 wrote to memory of 3292	904	cmd.exe	87
PID 904 wrote to memory of 3292	904	cmd.exe	87
PID 904 wrote to memory of 3292	904	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\c1ba737269e818d9801d57cb20cdd87deeda99467e06b175e7c170321fd1e844.exe
"C:\Users\Admin\AppData\Local\Temp\c1ba737269e818d9801d57cb20cdd87deeda99467e06b175e7c170321fd1e844.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:904
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3292

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3ff537547a5b90b8de7c69949a37bef6

SHA1
cd9641b8807a8918b9e0ccd93288a244ed05df56

SHA256
5fc5848e483387c41d7ba2014b14a3b9e0132c7b89defb3ca9fc93bb13c80427

SHA512
bbe47331ea4c93e8241c243ba9bdd6512593627d356baede269d73f1779c746e25d34e78c58b9bba006166d51c2c10f2e09aa717598eaba812fafa6ed4460bd3

Download Submit
memory/2624-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3292-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download