0e39c1f87ad0f58262ebfe6cc90ebec66d47e25d5df163783cdb039bfd87e253

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 18:39

Target

0e39c1f87ad0f58262ebfe6cc90ebec66d47e25d5df163783cdb039bfd87e253.exe
Size

79KB
MD5

370a349b28cda11dcebd77ffe39e6366
SHA1

ede9667b5781e49a591e2fd864fe60d33730e5e1
SHA256

0e39c1f87ad0f58262ebfe6cc90ebec66d47e25d5df163783cdb039bfd87e253
SHA512

e4730428ba6af49939fe8c3f57b9b9ee38a099198bfb505817e262d06609b5e992459fd0639c92e3df23edf72a8b01d1999ffc503e72f25f24bdfa4ce2767a5c
SSDEEP

1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5ynB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMynN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2544	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 2360	5040	0e39c1f87ad0f58262ebfe6cc90ebec66d47e25d5df163783cdb039bfd87e253.exe	84
PID 5040 wrote to memory of 2360	5040	0e39c1f87ad0f58262ebfe6cc90ebec66d47e25d5df163783cdb039bfd87e253.exe	84
PID 5040 wrote to memory of 2360	5040	0e39c1f87ad0f58262ebfe6cc90ebec66d47e25d5df163783cdb039bfd87e253.exe	84
PID 2360 wrote to memory of 2544	2360	cmd.exe	85
PID 2360 wrote to memory of 2544	2360	cmd.exe	85
PID 2360 wrote to memory of 2544	2360	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\0e39c1f87ad0f58262ebfe6cc90ebec66d47e25d5df163783cdb039bfd87e253.exe
"C:\Users\Admin\AppData\Local\Temp\0e39c1f87ad0f58262ebfe6cc90ebec66d47e25d5df163783cdb039bfd87e253.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2544

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e8a61771929192a3a8c5d6a7c6913c48

SHA1
f0a3e6ac5c2f4515ae840a1c35cb92de1c9a63a5

SHA256
d4927b25ad234e9ca23fe12d114540eb12f02a93b62edf481f32b9e4b0122bf9

SHA512
ae197fc40501d0f5aefb42664f591af9ac07ca83bdbb4359d911455f418e68e355ce6ff5e63ed028d8a077960f1c97528038ad38fc9ce4fc9bef928da2216b4b

Download Submit
memory/2544-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5040-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download