848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f

Analysis

max time kernel
132s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 02:19

Target

848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe
Size

79KB
MD5

42a16b74e51b2c19d6f435d726622892
SHA1

1273c936233255ac3957d4f7867d5335d715ceb1
SHA256

848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f
SHA512

c3a7e64aa0858ec2c353e5856f34fa76dc0183e7efeceaa34fbba77f04df6de798643866c0c012e607e743bcbe9b04241b674610433429a67662e7173e5347d0
SSDEEP

1536:zvWFMiUFK780JWTnOQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zvWF3UFK78p6GdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
944	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 1728	3088	848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe	83
PID 3088 wrote to memory of 1728	3088	848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe	83
PID 3088 wrote to memory of 1728	3088	848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe	83
PID 1728 wrote to memory of 944	1728	cmd.exe	84
PID 1728 wrote to memory of 944	1728	cmd.exe	84
PID 1728 wrote to memory of 944	1728	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe
"C:\Users\Admin\AppData\Local\Temp\848a477f9f360e9e6fb4e1bc38e632cac5032e6b5b4796a5ecfe37216ead040f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:944

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
15517bfb7b81c69660d43bad567421ed

SHA1
997ca847317463bae6e14729f4ebf09d487f118e

SHA256
4b2b519f5a31486c776e58ccb6982c4999bee961ef573601141a61840537ce12

SHA512
1bec55d95c74b07e8b274cc98ef127b2aa7285fff9d61714ac7e4bb1139db9a128def5cc9f2f4f58bdd7f32ed2ce48795fbbbe9dc12124981fe54aeb8957e657

Download Submit
memory/944-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3088-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download