944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce

Analysis

max time kernel
139s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:21

Target

944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe
Size

79KB
MD5

60701ea7084819139079a760b26273ac
SHA1

ff8f5f906b54f3d5fbbe422dcd11a693ea1a36cf
SHA256

944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce
SHA512

67f7984259a607abe69015e505a6da24e6f0d551791b4460684b9215a36d6a658ec718c6f07defcf4e48ad7898e291c8cec5f46d9cd5df30181d3278c25e0d6a
SSDEEP

1536:zv3JmHlv340W6OQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvZmHlvfWPGdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

1984 [email protected]

pid	process
1984	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.execmd.exe

description	pid	process	target process
PID 4964 wrote to memory of 3600	4964	944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe	cmd.exe
PID 4964 wrote to memory of 3600	4964	944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe	cmd.exe
PID 4964 wrote to memory of 3600	4964	944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe	cmd.exe
PID 3600 wrote to memory of 1984	3600	cmd.exe	[email protected]
PID 3600 wrote to memory of 1984	3600	cmd.exe	[email protected]
PID 3600 wrote to memory of 1984	3600	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe
"C:\Users\Admin\AppData\Local\Temp\944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
2⤵
- Suspicious use of WriteProcessMemory
PID:3600

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4340,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3972 /prefetch:8
1⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize
79KB

MD5
04105d660c34569a7b0ef461d44dc9cf

SHA1
9d956dbf0ce1e3ac529610af878ea99a6238c526

SHA256
cfb18086aeab81f1031c442f93ebe9e250c81ef4af0cc3239889434f0e0a352f

SHA512
1fe48d5d7ff734b844f266abbdfb6859deaee579ca6a3d86ba5ebb24cbb4e0ab7755d6ba94788308121763c9a21277abbd49026bfb6b09b7d8e893afec320f82

Download Submit
memory/1984-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4964-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download