848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f

Analysis

max time kernel
132s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:19

Target

848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe
Size

79KB
MD5

42a16b74e51b2c19d6f435d726622892
SHA1

1273c936233255ac3957d4f7867d5335d715ceb1
SHA256

848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f
SHA512

c3a7e64aa0858ec2c353e5856f34fa76dc0183e7efeceaa34fbba77f04df6de798643866c0c012e607e743bcbe9b04241b674610433429a67662e7173e5347d0
SSDEEP

1536:zvWFMiUFK780JWTnOQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zvWF3UFK78p6GdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

944 [email protected]

pid	process
944	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.execmd.exe

description	pid	process	target process
PID 3088 wrote to memory of 1728	3088	848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe	cmd.exe
PID 3088 wrote to memory of 1728	3088	848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe	cmd.exe
PID 3088 wrote to memory of 1728	3088	848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe	cmd.exe
PID 1728 wrote to memory of 944	1728	cmd.exe	[email protected]
PID 1728 wrote to memory of 944	1728	cmd.exe	[email protected]
PID 1728 wrote to memory of 944	1728	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe
"C:\Users\Admin\AppData\Local\Temp\848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3088

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
2⤵
- Suspicious use of WriteProcessMemory
PID:1728

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:944

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
15517bfb7b81c69660d43bad567421ed

SHA1
997ca847317463bae6e14729f4ebf09d487f118e

SHA256
4b2b519f5a31486c776e58ccb6982c4999bee961ef573601141a61840537ce12

SHA512
1bec55d95c74b07e8b274cc98ef127b2aa7285fff9d61714ac7e4bb1139db9a128def5cc9f2f4f58bdd7f32ed2ce48795fbbbe9dc12124981fe54aeb8957e657

Download Submit
memory/944-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3088-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download