fd9d2d9ba944c095466541b06cfeb2cfcadc4bcb9d4dc68eedcc36de745675af

Analysis

max time kernel
146s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 05:03

Target

fd9d2d9ba944c095466541b06cfeb2cfcadc4bcb9d4dc68eedcc36de745675af.exe
Size

72KB
MD5

29906d40349282d45a7e4a6ce8f00f4f
SHA1

4f0466cf043a3b9a06ccc241d08a0cecc71218f7
SHA256

fd9d2d9ba944c095466541b06cfeb2cfcadc4bcb9d4dc68eedcc36de745675af
SHA512

e9db7e338edee121c93f3a96def46ccb95abb3f245cbd01622e009baaa8eb77c53efbf22e5b2341a0a2ab3b0de49ece84e835e1bc9eaa409e0822505fd3c0381
SSDEEP

1536:ILTYdVOXov5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq39:u4v4i+Ge0Nc8QsC9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

fd9d2d9ba944c095466541b06cfeb2cfcadc4bcb9d4dc68eedcc36de745675af.exe

description	pid	process	target process
PID 4500 wrote to memory of 4952	4500	fd9d2d9ba944c095466541b06cfeb2cfcadc4bcb9d4dc68eedcc36de745675af.exe	cmd.exe
PID 4500 wrote to memory of 4952	4500	fd9d2d9ba944c095466541b06cfeb2cfcadc4bcb9d4dc68eedcc36de745675af.exe	cmd.exe
PID 4500 wrote to memory of 4952	4500	fd9d2d9ba944c095466541b06cfeb2cfcadc4bcb9d4dc68eedcc36de745675af.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\fd9d2d9ba944c095466541b06cfeb2cfcadc4bcb9d4dc68eedcc36de745675af.exe
"C:\Users\Admin\AppData\Local\Temp\fd9d2d9ba944c095466541b06cfeb2cfcadc4bcb9d4dc68eedcc36de745675af.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4500

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C echo 'OS{16ef3f9cdded60d4ce7abe494593ccc1}'
2⤵
PID:4952