204b3fd79478d807e23c7abc8c2a7d7491d832645a55f2fff0e5a044489acda3

Analysis

max time kernel
146s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 19:20

Target

204b3fd79478d807e23c7abc8c2a7d7491d832645a55f2fff0e5a044489acda3.exe
Size

79KB
MD5

28592af3cd38ebe76ef182d02b270366
SHA1

e4b522a0a752db048e9855819b78857fb5cd740b
SHA256

204b3fd79478d807e23c7abc8c2a7d7491d832645a55f2fff0e5a044489acda3
SHA512

472aec0aa8bc238386e25cce8fbe12f01c8b903f99f06fa811193757ea6a17e6955c4d423b7b0661f827e4ef5c677fcc45332b43e38d3fc260c6a7c3b7190d02
SSDEEP

1536:zvYONtUW2tbTs1OQA8AkqUhMb2nuy5wgIP0CSJ+5y1vB8GMGlZ5G:zvYODUTpfGdqU7uy5w9WMy1vN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3100	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 3892	2160	204b3fd79478d807e23c7abc8c2a7d7491d832645a55f2fff0e5a044489acda3.exe	91
PID 2160 wrote to memory of 3892	2160	204b3fd79478d807e23c7abc8c2a7d7491d832645a55f2fff0e5a044489acda3.exe	91
PID 2160 wrote to memory of 3892	2160	204b3fd79478d807e23c7abc8c2a7d7491d832645a55f2fff0e5a044489acda3.exe	91
PID 3892 wrote to memory of 3100	3892	cmd.exe	92
PID 3892 wrote to memory of 3100	3892	cmd.exe	92
PID 3892 wrote to memory of 3100	3892	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\204b3fd79478d807e23c7abc8c2a7d7491d832645a55f2fff0e5a044489acda3.exe
"C:\Users\Admin\AppData\Local\Temp\204b3fd79478d807e23c7abc8c2a7d7491d832645a55f2fff0e5a044489acda3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3892
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
db066b9234bdb80fa5fc9e1738366796

SHA1
b9452ceacbe66df92b20b98142b477b517bf0f3d

SHA256
b70b401e5eb5df37485edcbeb389400e0d99aa8c5141448d5feadb14cbda5c5a

SHA512
41cde711aea4fea021f473a66c9d1df7c7a60159516773e9f6572b66cfb2cc220e8eae3502cd4159266da0eede676d37fa21f5b64496fffeb9eead51cdc494d7

Download Submit
memory/2160-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3100-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download