6f5d05efc75cb8f8aec62b4b8bf4ed5811268b611a1471031a6351c2cddeb4a3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:58

Target

6f5d05efc75cb8f8aec62b4b8bf4ed5811268b611a1471031a6351c2cddeb4a3.exe
Size

73KB
MD5

1897efc761f9d5b896d6c1d17f730693
SHA1

5255161348a4ced85e225674efe47268e25be21e
SHA256

6f5d05efc75cb8f8aec62b4b8bf4ed5811268b611a1471031a6351c2cddeb4a3
SHA512

33fe317eed21d67aacd0d2ef33ca9c4c24552e876216359b3c1a00631d255e7e5909cbd0a3aaec32d79637dcc42027fe8246a970976cd3f740692847b2eac4c9
SSDEEP

1536:hbb9u/urTQWRK5QPqfhVWbdsmA+RjPFLC+e5h90ZGUGf2g:h/9u8NPqfcxA+HFsh9Og

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

2344 [email protected]

pid	process
2344	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

6f5d05efc75cb8f8aec62b4b8bf4ed5811268b611a1471031a6351c2cddeb4a3.execmd.exe[email protected]

description	pid	process	target process
PID 4384 wrote to memory of 2156	4384	6f5d05efc75cb8f8aec62b4b8bf4ed5811268b611a1471031a6351c2cddeb4a3.exe	cmd.exe
PID 4384 wrote to memory of 2156	4384	6f5d05efc75cb8f8aec62b4b8bf4ed5811268b611a1471031a6351c2cddeb4a3.exe	cmd.exe
PID 4384 wrote to memory of 2156	4384	6f5d05efc75cb8f8aec62b4b8bf4ed5811268b611a1471031a6351c2cddeb4a3.exe	cmd.exe
PID 2156 wrote to memory of 2344	2156	cmd.exe	[email protected]
PID 2156 wrote to memory of 2344	2156	cmd.exe	[email protected]
PID 2156 wrote to memory of 2344	2156	cmd.exe	[email protected]
PID 2344 wrote to memory of 1000	2344	[email protected]	cmd.exe
PID 2344 wrote to memory of 1000	2344	[email protected]	cmd.exe
PID 2344 wrote to memory of 1000	2344	[email protected]	cmd.exe

C:\Users\Admin\AppData\Local\Temp\6f5d05efc75cb8f8aec62b4b8bf4ed5811268b611a1471031a6351c2cddeb4a3.exe
"C:\Users\Admin\AppData\Local\Temp\6f5d05efc75cb8f8aec62b4b8bf4ed5811268b611a1471031a6351c2cddeb4a3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2344
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:1000

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
ce0bcf4bdece8879bc618d0fd51fc0f2

SHA1
06fa78a93bbe6aba5e5cbdaae5f6488a283f1e31

SHA256
6c6b7092d5863ce028125b4d73abc40e36ff1f3291c6facb00b4492bbeb8b72e

SHA512
e4d415c1d073733772ddd4b92775bc58b42c710b0fdbe7b0e9ce2eca4df6a263d9aae865e642c71a3e07da9e0b78be48efdf7263480c44e0ba29e9fd5145755a

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/2344-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4384-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download