94775270a08d8e68a4d14f9e76b5443b2277c9b6066f722e2c88fecb5a98b168

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:24

Target

94775270a08d8e68a4d14f9e76b5443b2277c9b6066f722e2c88fecb5a98b168.exe
Size

79KB
MD5

63b73202b92716c8b385c3df95b7e677
SHA1

1535215077d8d83dcc3ca4e40f64868e949c290e
SHA256

94775270a08d8e68a4d14f9e76b5443b2277c9b6066f722e2c88fecb5a98b168
SHA512

fff4dbf770a740af9da63029456ae204c6235593af11a2b96a168bb1fab642fc6d6780c2e5b235b7f5d3d8f679fe88dc788efaa019bfbc93721a536e99c2f34e
SSDEEP

1536:zvSPRRRf384f0+zOQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zv0RRRfZfQGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

1204 [email protected]

pid	process
1204	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

94775270a08d8e68a4d14f9e76b5443b2277c9b6066f722e2c88fecb5a98b168.execmd.exe

description	pid	process	target process
PID 968 wrote to memory of 3400	968	94775270a08d8e68a4d14f9e76b5443b2277c9b6066f722e2c88fecb5a98b168.exe	cmd.exe
PID 968 wrote to memory of 3400	968	94775270a08d8e68a4d14f9e76b5443b2277c9b6066f722e2c88fecb5a98b168.exe	cmd.exe
PID 968 wrote to memory of 3400	968	94775270a08d8e68a4d14f9e76b5443b2277c9b6066f722e2c88fecb5a98b168.exe	cmd.exe
PID 3400 wrote to memory of 1204	3400	cmd.exe	[email protected]
PID 3400 wrote to memory of 1204	3400	cmd.exe	[email protected]
PID 3400 wrote to memory of 1204	3400	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\94775270a08d8e68a4d14f9e76b5443b2277c9b6066f722e2c88fecb5a98b168.exe
"C:\Users\Admin\AppData\Local\Temp\94775270a08d8e68a4d14f9e76b5443b2277c9b6066f722e2c88fecb5a98b168.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:968

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
2⤵
- Suspicious use of WriteProcessMemory
PID:3400

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:1204

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
871812103c57ca838ca299b61e9160fb

SHA1
921ff0526f90b126c8a36a0f85229ce0642cf3b2

SHA256
7faeb1e52a46ef37b0f9417a83aa630311c0af2b82ea9b82bda67ac9d1707157

SHA512
17cfd857a55de818d9168c58b0aa16095b1a9955c81d240f428d8c38bcca9f6f3d97cfe6a3c423c08190b7f35fa300bd88a38bfe21dab014c6dab9ea75d7048c

Download Submit
memory/968-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1204-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download