789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:22

Target

789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe
Size

79KB
MD5

06c8a4ad83a005a0a8b16a74c427fcb2
SHA1

5b1a1a3ed8f123f407de571b31692cb6890e194c
SHA256

789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a
SHA512

61cb1cc6fb916169e18e9b84a39365bd16bf857a05a643c8a3ec1f2ac84a28d01b05152ef78c863f42ba47d854d0a3ee328d5656fdf492e64e3addbb2f804da6
SSDEEP

1536:zvYONtUW2tbTs1OQA8AkqUhMb2nuy5wgIP0CSJ+5yLLB8GMGlZ5G:zvYODUTpfGdqU7uy5w9WMyLLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

2548 [email protected]

pid	process
2548	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.execmd.exe

description	pid	process	target process
PID 900 wrote to memory of 4320	900	789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe	cmd.exe
PID 900 wrote to memory of 4320	900	789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe	cmd.exe
PID 900 wrote to memory of 4320	900	789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe	cmd.exe
PID 4320 wrote to memory of 2548	4320	cmd.exe	[email protected]
PID 4320 wrote to memory of 2548	4320	cmd.exe	[email protected]
PID 4320 wrote to memory of 2548	4320	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe
"C:\Users\Admin\AppData\Local\Temp\789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:900

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
2⤵
- Suspicious use of WriteProcessMemory
PID:4320

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:2548

C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize
79KB

MD5
25ebeaad423f1d20f9ebbb4227cb16eb

SHA1
44908f03b9800d95bd5e45555525f82615191ba0

SHA256
e60172cf1c0d787fb78db711d60d517ce4a98ec062931f72584c0ff1eca308c1

SHA512
251f933dfc54e06ceed99bea791fd792e3bc5be468b435b09d7a9c66e4a519fd36a159e0ebb638de82aa18453d9fb4340b95b6850c4b694e566f428cfadeea5a

Download Submit
memory/900-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2548-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download