ea3668a984e7218da100a41e7682a9bbe1da1487445a8b706e5be7a149a71021

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 15:23

Target

ThavipahCracked.exe
Size

1015KB
MD5

8052bad3dc88b37a83a8b911bfaea07b
SHA1

e454c59a798d501d96494156bae8af33116adf45
SHA256

ea3668a984e7218da100a41e7682a9bbe1da1487445a8b706e5be7a149a71021
SHA512

89c9065b7eed4868bf8ce62091b2bd9e5ecead11c65103714877c98a2f1cb0074cf40058dafe26fc3c40cec06aab4e64d8aa7de8532ec263697cd0474b6af530
SSDEEP

24576:qTkdLtpKuQXU00VDbeSq8//8z5Cn56Nc5:qwdL28/2K/8Un5

Score

1^/10

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 3032	2944	ThavipahCracked.exe	29
PID 2944 wrote to memory of 3032	2944	ThavipahCracked.exe	29
PID 2944 wrote to memory of 3032	2944	ThavipahCracked.exe	29
PID 3032 wrote to memory of 2416	3032	cmd.exe	30
PID 3032 wrote to memory of 2416	3032	cmd.exe	30
PID 3032 wrote to memory of 2416	3032	cmd.exe	30
PID 3032 wrote to memory of 3028	3032	cmd.exe	31
PID 3032 wrote to memory of 3028	3032	cmd.exe	31
PID 3032 wrote to memory of 3028	3032	cmd.exe	31
PID 3032 wrote to memory of 2820	3032	cmd.exe	32
PID 3032 wrote to memory of 2820	3032	cmd.exe	32
PID 3032 wrote to memory of 2820	3032	cmd.exe	32
PID 2944 wrote to memory of 2700	2944	ThavipahCracked.exe	33
PID 2944 wrote to memory of 2700	2944	ThavipahCracked.exe	33
PID 2944 wrote to memory of 2700	2944	ThavipahCracked.exe	33

C:\Users\Admin\AppData\Local\Temp\ThavipahCracked.exe
"C:\Users\Admin\AppData\Local\Temp\ThavipahCracked.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\ThavipahCracked.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\ThavipahCracked.exe" MD5
    3⤵
    PID:2416
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:3028
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:2820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color B
  2⤵
  PID:2700