483af6df8ec0f755a71fed74f90d6738afa33d7401faf3ac141f51ca2f2f05ab

Analysis

max time kernel
139s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 22:12

Target

483af6df8ec0f755a71fed74f90d6738afa33d7401faf3ac141f51ca2f2f05ab.exe
Size

79KB
MD5

cc9dd9a95c0667a9f5b886b1d6d3cbcc
SHA1

afaa8de91659d0253f92a0777a5b916d6bad97fe
SHA256

483af6df8ec0f755a71fed74f90d6738afa33d7401faf3ac141f51ca2f2f05ab
SHA512

46162798913a66a97320914870fc74c0d2559628f3024732d294bdea171ff569f2ccd9351a331651180c10ae597cc32c41c2c7dedb233ad9347b4ff18e2f0dbd
SSDEEP

1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yPB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyPN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3268	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2360	2312	483af6df8ec0f755a71fed74f90d6738afa33d7401faf3ac141f51ca2f2f05ab.exe	95
PID 2312 wrote to memory of 2360	2312	483af6df8ec0f755a71fed74f90d6738afa33d7401faf3ac141f51ca2f2f05ab.exe	95
PID 2312 wrote to memory of 2360	2312	483af6df8ec0f755a71fed74f90d6738afa33d7401faf3ac141f51ca2f2f05ab.exe	95
PID 2360 wrote to memory of 3268	2360	cmd.exe	96
PID 2360 wrote to memory of 3268	2360	cmd.exe	96
PID 2360 wrote to memory of 3268	2360	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\483af6df8ec0f755a71fed74f90d6738afa33d7401faf3ac141f51ca2f2f05ab.exe
"C:\Users\Admin\AppData\Local\Temp\483af6df8ec0f755a71fed74f90d6738afa33d7401faf3ac141f51ca2f2f05ab.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4036,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:8
1⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9e1723c2e4372b82cd9dc2629e58c617

SHA1
58b25f18ae7994dd3d1b67864ca4de5f55511f80

SHA256
b2f9ba0b72c667f7f9d388feaef5152f017052af397c3601e1e0e6694e5be01e

SHA512
f74933422b2a55415a337acef6c8984c037bc22a9d9f861411f1dc58e752717ef10dd8ff3d7fb4aeb4b6a1302f848a60c70d88490b35f51da112e91e65e43637

Download Submit
memory/2312-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3268-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download