745c2ebd15d66fa5f5a900c03d8f0c6d8bbc9f6e2b6d9ccfeed52cc7fd25bc42

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 09:55

Target

server.exe
Size

28KB
MD5

f858e5c8d1665a8c12c0fa7f775c7fe7
SHA1

321d5579b2a651937ffae6f16414d6d08cb0c1b1
SHA256

4345d7553ceda66d33cdbcefa3bd2d30eec8a60c8529aaa522000c695be804cf
SHA512

270ab51ce3f112545d69c349f97bd274ea91c741601e8fa2f9e3572000a16eb5b8cf29b6e2bd1783968f2a9d22dbfa345e5637f6055a25afdf2d129e2ab11195
SSDEEP

384:UmOyMLjKMPH1Dxw7ZA8l9ZoA7k+w9G5hmssR0IkR46nzojn8mgRRtssIeo/r5J1w:hUjKVjl9xw3x6nz7vj1wr49

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

server.exe

pid process

1492 server.exe
1492 server.exe
1492 server.exe
1492 server.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

server.exe

description	pid	process	target process
PID 1492 wrote to memory of 3500	1492	server.exe	Explorer.EXE
PID 1492 wrote to memory of 3500	1492	server.exe	Explorer.EXE
PID 1492 wrote to memory of 3500	1492	server.exe	Explorer.EXE
PID 1492 wrote to memory of 3500	1492	server.exe	Explorer.EXE
PID 1492 wrote to memory of 3500	1492	server.exe	Explorer.EXE
PID 1492 wrote to memory of 3500	1492	server.exe	Explorer.EXE

memory/1492-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1492-1-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1492-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1492-9-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/3500-2-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/3500-4-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

Filesize
24KB

Download