ba26ecae443c2668fe49db39333d0ffe58b1cd9fb6c34155a9b3f51bf93e4076

Analysis

max time kernel
91s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:21

Target

ba26ecae443c2668fe49db39333d0ffe58b1cd9fb6c34155a9b3f51bf93e4076.exe
Size

79KB
MD5

22b9718a56cfbb26136e4fc849fabb3b
SHA1

7c3ea782989db51f70ce3e0d89ee1435cd2cf99a
SHA256

ba26ecae443c2668fe49db39333d0ffe58b1cd9fb6c34155a9b3f51bf93e4076
SHA512

4940bf55e3942fccdbfa599689784cf03a4edd77b3496b3cc72a81ed9c1c85827333261dd89e15870d300fdffde2cebb2d12c4ab5c1834bf4aa340e65fcb6a2f
SSDEEP

1536:zvI+hUIvhCXa+buOQA8AkqUhMb2nuy5wgIP0CSJ+5yXB8GMGlZ5G:zvIMUV77GdqU7uy5w9WMyXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

804 [email protected]

pid	process
804	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

ba26ecae443c2668fe49db39333d0ffe58b1cd9fb6c34155a9b3f51bf93e4076.execmd.exe

description	pid	process	target process
PID 4788 wrote to memory of 2460	4788	ba26ecae443c2668fe49db39333d0ffe58b1cd9fb6c34155a9b3f51bf93e4076.exe	cmd.exe
PID 4788 wrote to memory of 2460	4788	ba26ecae443c2668fe49db39333d0ffe58b1cd9fb6c34155a9b3f51bf93e4076.exe	cmd.exe
PID 4788 wrote to memory of 2460	4788	ba26ecae443c2668fe49db39333d0ffe58b1cd9fb6c34155a9b3f51bf93e4076.exe	cmd.exe
PID 2460 wrote to memory of 804	2460	cmd.exe	[email protected]
PID 2460 wrote to memory of 804	2460	cmd.exe	[email protected]
PID 2460 wrote to memory of 804	2460	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\ba26ecae443c2668fe49db39333d0ffe58b1cd9fb6c34155a9b3f51bf93e4076.exe
"C:\Users\Admin\AppData\Local\Temp\ba26ecae443c2668fe49db39333d0ffe58b1cd9fb6c34155a9b3f51bf93e4076.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4788

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
2⤵
- Suspicious use of WriteProcessMemory
PID:2460

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:804

C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize
79KB

MD5
ecbb626df1d934855a3ddba7d0b0d905

SHA1
9c80c1150e8cc64e7efbdd472cf61b1c5f522469

SHA256
a7b4c06d62d93f30e4ae46faa76454d0b82a41b095f6d7fdc9fe68cfe1a5a692

SHA512
27e5a96b462c2c334719ae4e5aaf701c7598207dcf691af78adc421fc8649376befaadaa426466d3bf19bd245ec31a2420ad8340287e3555e001897d45b67460

Download Submit
memory/804-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4788-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download