7665abef1cc4e30f7830153f1505f8f4818d7156ba28b0a4d1db826d0efe312a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:14

Target

7665abef1cc4e30f7830153f1505f8f4818d7156ba28b0a4d1db826d0efe312a.exe
Size

79KB
MD5

a454ba36311d0934279135b3097c0137
SHA1

2d1d24901d6d3b594845dfeda4958a939a05bb44
SHA256

7665abef1cc4e30f7830153f1505f8f4818d7156ba28b0a4d1db826d0efe312a
SHA512

566247938e762109a80a61070b7d0ebd93cf9a1186cf957592ba9dd31114fe845ef61c20ab0913d03cf3040394740e4e28753b0bf1ba81a436235a5f4e97f5af
SSDEEP

1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yWB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyWN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

1980 [email protected]

pid	process
1980	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

7665abef1cc4e30f7830153f1505f8f4818d7156ba28b0a4d1db826d0efe312a.execmd.exe

description	pid	process	target process
PID 388 wrote to memory of 836	388	7665abef1cc4e30f7830153f1505f8f4818d7156ba28b0a4d1db826d0efe312a.exe	cmd.exe
PID 388 wrote to memory of 836	388	7665abef1cc4e30f7830153f1505f8f4818d7156ba28b0a4d1db826d0efe312a.exe	cmd.exe
PID 388 wrote to memory of 836	388	7665abef1cc4e30f7830153f1505f8f4818d7156ba28b0a4d1db826d0efe312a.exe	cmd.exe
PID 836 wrote to memory of 1980	836	cmd.exe	[email protected]
PID 836 wrote to memory of 1980	836	cmd.exe	[email protected]
PID 836 wrote to memory of 1980	836	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\7665abef1cc4e30f7830153f1505f8f4818d7156ba28b0a4d1db826d0efe312a.exe
"C:\Users\Admin\AppData\Local\Temp\7665abef1cc4e30f7830153f1505f8f4818d7156ba28b0a4d1db826d0efe312a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:388

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
2⤵
- Suspicious use of WriteProcessMemory
PID:836

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:1980

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4a8b26a191e00da9b020272e2af7074b

SHA1
cd65c0d1a6ddce995d8a3e98ef4198dcbf6e9599

SHA256
b8b7db8e45c5d67b3f86e85bebf2dd29da235889ef59fe280d8d6f5d07c61774

SHA512
af99fe522953fb17453b057426ffcbdd5c1f85d7b20ff1ddc0f7082f4c9f569291f37247426e3e72f1d3de43d28ba9cca83e46236a20ce7ac061679722487b58

Download Submit
memory/388-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1980-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download