16d7f619d923f6af31f61d2400c029755c6acb4830a7bc38fb9e7a0ce900a2fd

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 19:07

Target

16d7f619d923f6af31f61d2400c029755c6acb4830a7bc38fb9e7a0ce900a2fd.exe
Size

4.8MB
MD5

08595289f78521353a9938de35e4d6d3
SHA1

1758150141590b5794dbf0875b811ad512b638f3
SHA256

16d7f619d923f6af31f61d2400c029755c6acb4830a7bc38fb9e7a0ce900a2fd
SHA512

880481acc38e23d78401d75d19178bb387ba160c7e6c0b8e0e6a4553586affb1f77a1f5ea5bd886e530ea99193fd46fb7c30123eecbfe5a83112f868d84fa604
SSDEEP

98304:emhd1Urye07W0WXoC42WV7wQqZUha5jtSyR:elABWXo52QbaZtlR

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1896	22B6.tmp

Executes dropped EXE 1 IoCs

pid	Process
1896	22B6.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 1896	392	16d7f619d923f6af31f61d2400c029755c6acb4830a7bc38fb9e7a0ce900a2fd.exe	92
PID 392 wrote to memory of 1896	392	16d7f619d923f6af31f61d2400c029755c6acb4830a7bc38fb9e7a0ce900a2fd.exe	92
PID 392 wrote to memory of 1896	392	16d7f619d923f6af31f61d2400c029755c6acb4830a7bc38fb9e7a0ce900a2fd.exe	92

C:\Users\Admin\AppData\Local\Temp\16d7f619d923f6af31f61d2400c029755c6acb4830a7bc38fb9e7a0ce900a2fd.exe
"C:\Users\Admin\AppData\Local\Temp\16d7f619d923f6af31f61d2400c029755c6acb4830a7bc38fb9e7a0ce900a2fd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:392
- C:\Users\Admin\AppData\Local\Temp\22B6.tmp
  "C:\Users\Admin\AppData\Local\Temp\22B6.tmp" --splashC:\Users\Admin\AppData\Local\Temp\16d7f619d923f6af31f61d2400c029755c6acb4830a7bc38fb9e7a0ce900a2fd.exe DB547887C3B465F1A958F5A1D2C233B73609859B8C89D7819D3655AB0C9233F5797849F2333AA68CBCE23722EE9A530A12B13FDE83D0B5C033974C1BB03BAF98
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\22B6.tmp

Filesize
4.8MB

MD5
e8f26c11418252145fca87ae780c6b5f

SHA1
047797116155da48eff8d959277eacc251611144

SHA256
3521c4d24c39766b9088074b16d793b2ffa0c12b8afb1db56dba22238e1afec6

SHA512
f23912924db9621d47e2621e3f8546e7cbd8c693305703288734cf1c62989305b847256a8703ddd40831c50c52adfec3a4630e5b2a8bac99139b17e33e3da806

Download Submit
memory/392-0-0x0000000000400000-0x0000000000849000-memory.dmp

Filesize
4.3MB

Download
memory/1896-5-0x0000000000400000-0x0000000000849000-memory.dmp

Filesize
4.3MB

Download