a93d0e2d98229d730d40fc8d90d3f48be081cee9c2b5f3185f9ab6789cc7c30a

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:36

Target

a93d0e2d98229d730d40fc8d90d3f48be081cee9c2b5f3185f9ab6789cc7c30a.exe
Size

79KB
MD5

0391917b3f2ed33866dc58dd81d93455
SHA1

9c3cf39bb37ecf8ec0dc3917b2a5b9040b3b7b37
SHA256

a93d0e2d98229d730d40fc8d90d3f48be081cee9c2b5f3185f9ab6789cc7c30a
SHA512

7c745016bf8f9f167b5929d861a039306f89c65f0d9a68ee24d7e089801b0e5b8bce26235798737e21b8b87cc68143ef56a52a32ecdd9b3180a16e4bdcb8ec92
SSDEEP

1536:zvtWgNR4gnuf/mNv4OQA8AkqUhMb2nuy5wgIP0CSJ+5yyB8GMGlZ5G:zvtWgcBf+vdGdqU7uy5w9WMyyN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

2124 [email protected]

pid	process
2124	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a93d0e2d98229d730d40fc8d90d3f48be081cee9c2b5f3185f9ab6789cc7c30a.execmd.exe

description	pid	process	target process
PID 1500 wrote to memory of 4468	1500	a93d0e2d98229d730d40fc8d90d3f48be081cee9c2b5f3185f9ab6789cc7c30a.exe	cmd.exe
PID 1500 wrote to memory of 4468	1500	a93d0e2d98229d730d40fc8d90d3f48be081cee9c2b5f3185f9ab6789cc7c30a.exe	cmd.exe
PID 1500 wrote to memory of 4468	1500	a93d0e2d98229d730d40fc8d90d3f48be081cee9c2b5f3185f9ab6789cc7c30a.exe	cmd.exe
PID 4468 wrote to memory of 2124	4468	cmd.exe	[email protected]
PID 4468 wrote to memory of 2124	4468	cmd.exe	[email protected]
PID 4468 wrote to memory of 2124	4468	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\a93d0e2d98229d730d40fc8d90d3f48be081cee9c2b5f3185f9ab6789cc7c30a.exe
"C:\Users\Admin\AppData\Local\Temp\a93d0e2d98229d730d40fc8d90d3f48be081cee9c2b5f3185f9ab6789cc7c30a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1500

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
2⤵
- Suspicious use of WriteProcessMemory
PID:4468

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:2124

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
749d2cb227f7dec331bc15568b7925a9

SHA1
80008261b02082c12f9bf3dc7b332e1d18f1f2f5

SHA256
15dd6291f1fec336a96abc6cfd61ee4ddb7758b1a4bf0ebf90f1836ea76f69d4

SHA512
4c7578db8816a4126e4fffb27caaf62a0c0715b74aa76b80ac62bcbebe28fdb0398e6225363c3fa443f287f1a07823ff6c249930ac81617738cd2ef7426974ef

Download Submit
memory/1500-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2124-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download