437338edec3968a9d3bf60a87a7ebf162eadb37e201160f2f5569844e54a8010

Analysis

max time kernel
32s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 04:59

Target

Reversed.exe
Size

538KB
MD5

942626c4dc8f6c0a80c48697574bfb87
SHA1

5177f271056f194a38185d2f9bcebbd5cc8444e2
SHA256

437338edec3968a9d3bf60a87a7ebf162eadb37e201160f2f5569844e54a8010
SHA512

b4039d3114a8dc379ad81b933026260e6e23f9ebec1f7bd57955e26e001825fd033f29d5ef8c7f91e607ab03e9a1edb10d359ea4e42ae783ec8fbaaa265553cd
SSDEEP

12288:+Jq9GQUEH+mUhdI2lFmS+Cmd/hkSOPBiBw:+J8tUEemUHrmS/chkhBiB

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 1360	2896	Reversed.exe	82
PID 2896 wrote to memory of 1360	2896	Reversed.exe	82
PID 1360 wrote to memory of 1428	1360	cmd.exe	83
PID 1360 wrote to memory of 1428	1360	cmd.exe	83
PID 1360 wrote to memory of 2520	1360	cmd.exe	84
PID 1360 wrote to memory of 2520	1360	cmd.exe	84
PID 1360 wrote to memory of 1532	1360	cmd.exe	85
PID 1360 wrote to memory of 1532	1360	cmd.exe	85
PID 2896 wrote to memory of 2984	2896	Reversed.exe	89
PID 2896 wrote to memory of 2984	2896	Reversed.exe	89
PID 2896 wrote to memory of 2544	2896	Reversed.exe	90
PID 2896 wrote to memory of 2544	2896	Reversed.exe	90

C:\Users\Admin\AppData\Local\Temp\Reversed.exe
"C:\Users\Admin\AppData\Local\Temp\Reversed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Reversed.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1360
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Reversed.exe" MD5
    3⤵
    PID:1428
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:2520
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2544