70092856c9eeb38f6d7c031f0300630ec27d3fbd9f751ab0d1246e35f86aba80

Analysis

max time kernel
150s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 09:34

Target

loader.exe
Size

1.6MB
MD5

9c3be7203ba00ad3a4aa5c060d92e032
SHA1

73889da9d3516234b199902efdc996e830d7ed12
SHA256

70092856c9eeb38f6d7c031f0300630ec27d3fbd9f751ab0d1246e35f86aba80
SHA512

edb44fd610fddfd469242bf43c0c79997aac07ed1bf7d7263fd0ba49d923bde7b36254e89cd98039df8a9d6ad9914599eaaed22e4f29a8939638a58c5ff140ad
SSDEEP

49152:x2+bFGaqjaqjyX3KLsRnkFyd+PfvSTgr8z:jk1yX3VRE

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1504	2484	loader.exe	83
PID 2484 wrote to memory of 1504	2484	loader.exe	83
PID 1504 wrote to memory of 1900	1504	cmd.exe	84
PID 1504 wrote to memory of 1900	1504	cmd.exe	84
PID 1504 wrote to memory of 2080	1504	cmd.exe	85
PID 1504 wrote to memory of 2080	1504	cmd.exe	85
PID 1504 wrote to memory of 868	1504	cmd.exe	86
PID 1504 wrote to memory of 868	1504	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\loader.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1504
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\loader.exe" MD5
    3⤵
    PID:1900
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:2080
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:868