3347a9236a535c3bce9c02a8d5b5bb7b8860364954c5f7a2b478c36693ad6112

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 20:58

Target

3347a9236a535c3bce9c02a8d5b5bb7b8860364954c5f7a2b478c36693ad6112.exe
Size

79KB
MD5

6d85469abe7f7e339408328afb6caab8
SHA1

a6fd69e7fa722aa160c950825ef1dabaf0370b1d
SHA256

3347a9236a535c3bce9c02a8d5b5bb7b8860364954c5f7a2b478c36693ad6112
SHA512

438762d2397ea159e4af9a671323f128efde94775ae90d4badd99f9cd8e413f00d8ab99d922f3e887921a58aef654bff99351aa93a4b642d04d2456551c1a2f1
SSDEEP

1536:zvMWqzr6NpAOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zvMtzrEGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3092	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 3164	1820	3347a9236a535c3bce9c02a8d5b5bb7b8860364954c5f7a2b478c36693ad6112.exe	83
PID 1820 wrote to memory of 3164	1820	3347a9236a535c3bce9c02a8d5b5bb7b8860364954c5f7a2b478c36693ad6112.exe	83
PID 1820 wrote to memory of 3164	1820	3347a9236a535c3bce9c02a8d5b5bb7b8860364954c5f7a2b478c36693ad6112.exe	83
PID 3164 wrote to memory of 3092	3164	cmd.exe	84
PID 3164 wrote to memory of 3092	3164	cmd.exe	84
PID 3164 wrote to memory of 3092	3164	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\3347a9236a535c3bce9c02a8d5b5bb7b8860364954c5f7a2b478c36693ad6112.exe
"C:\Users\Admin\AppData\Local\Temp\3347a9236a535c3bce9c02a8d5b5bb7b8860364954c5f7a2b478c36693ad6112.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3164
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3092

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9ae9e0190dbce9c129dc31f2a714b3e9

SHA1
7745fbb682469d73193bfba966e06efda43fb763

SHA256
42c559b2d013c2675e6062a764f63e28f31f735d69a5b0faa213de4269f68306

SHA512
b3c9160e44b5ae0f2d49c076ec7fd00b5af247975a50ee64343636ec6530ed479aea76b9940bdd3eea0fda596d741861c2cab1a914565153c74669faf33b351e

Download Submit
memory/1820-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3092-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download