4f03c56f2b6bc7efad8c18946bfae9f08b42c25284eb30902cb35d8cd86d5a98

Analysis

max time kernel
133s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02/06/2024, 23:26

Target

cyto.exe
Size

1.6MB
MD5

86b57370af23a019af111ef3a493c519
SHA1

fb1e8f837a84d37d241ead16b68249afb454d398
SHA256

4f03c56f2b6bc7efad8c18946bfae9f08b42c25284eb30902cb35d8cd86d5a98
SHA512

341a459e94ae3047a910b782674172930eed2ee4aa8a174c9664b81417205e244315ca06869b029cf3955ad2aec12a105c40f595bcdcfea89f7e65edbe526870
SSDEEP

24576:gor33vzNdoEl4KfBbKOnDhLTS5Tt5J6HkaiLFToUhrE18lFGKTzf:N33vzNdPBnlTq3acFToUhE18/

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 4580	1020	cyto.exe	74
PID 1020 wrote to memory of 4580	1020	cyto.exe	74
PID 4580 wrote to memory of 292	4580	cmd.exe	75
PID 4580 wrote to memory of 292	4580	cmd.exe	75
PID 4580 wrote to memory of 928	4580	cmd.exe	76
PID 4580 wrote to memory of 928	4580	cmd.exe	76
PID 4580 wrote to memory of 2664	4580	cmd.exe	77
PID 4580 wrote to memory of 2664	4580	cmd.exe	77

C:\Users\Admin\AppData\Local\Temp\cyto.exe
"C:\Users\Admin\AppData\Local\Temp\cyto.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\cyto.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4580
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\cyto.exe" MD5
    3⤵
    PID:292
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:928
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:2664