754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864

Analysis

max time kernel
138s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:10

Target

754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe
Size

79KB
MD5

13e29617b193102c57cccefe6e9ddf71
SHA1

083d503f7eae0921a7bd82a41610375b7db49323
SHA256

754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864
SHA512

451fadafd914b786e26934b3e58773bd2188bbea029b22d22d2a2eed3a05f7a5239c9e9da405be56750d25f3290808b6067aa59a858c79151386a4a6cc50cb03
SSDEEP

1536:zvXqoTwlA5hqbqzOQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvaO5/yGdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

4984 [email protected]

pid	process
4984	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.execmd.exe

description	pid	process	target process
PID 4552 wrote to memory of 5032	4552	754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe	cmd.exe
PID 4552 wrote to memory of 5032	4552	754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe	cmd.exe
PID 4552 wrote to memory of 5032	4552	754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe	cmd.exe
PID 5032 wrote to memory of 4984	5032	cmd.exe	[email protected]
PID 5032 wrote to memory of 4984	5032	cmd.exe	[email protected]
PID 5032 wrote to memory of 4984	5032	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe
"C:\Users\Admin\AppData\Local\Temp\754748c935284f8fedc5c9a7836ccef50b6574c81eaa2ff6bb32d3b4c7c77864.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4552

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
2⤵
- Suspicious use of WriteProcessMemory
PID:5032

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:4984

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
133fe8e41498ffb4a652aecffe931582

SHA1
d468c2c0824ea51f9d0c5b5dd3b94dfa12b62ee4

SHA256
ce5a0d5e447d12c30316cd5f473cdb61eb154cb41fea226a6bf98f721946057d

SHA512
33ad9bdf73b683cdfe5f549eb9995d0d07f5e8a4aa97055d4a8ce382bd1cc127b1b05e6d8d0b0e8454961003accce9ce261d4e6d9f2b41c3b81c5202119c1591

Download Submit
memory/4552-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4984-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download