49dfa3f9d0dcb0bbb234494d05cef9edade91091d898abec717620c86e89fe40

Analysis

max time kernel
131s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 00:34

Target

SecuriteInfo.com.Win32.Dh-A.22719.13981.exe
Size

13KB
MD5

9d245739371ccf2f614edc8a3e5035d5
SHA1

2ddf3d4df7f1e9d0aaf9f4cc2ba51781d65dec38
SHA256

49dfa3f9d0dcb0bbb234494d05cef9edade91091d898abec717620c86e89fe40
SHA512

20784496bd2f18071d28f0e25a61f3561235b57c4ae8f8729e4d6af92b114ad079d47ab6b5878fdf84ada95e4d4ab2d250274bb643d54db750b7e0b5c84455d7
SSDEEP

192:i2yT5QeGcGyz6g9yGkiMmFWqLfIVnqoOK3tiMZuISjsGWRWlJdxqH7YrqV/:kBxNRVtNHjNWRWlJj+

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 3752	3408	SecuriteInfo.com.Win32.Dh-A.22719.13981.exe	89
PID 3408 wrote to memory of 3752	3408	SecuriteInfo.com.Win32.Dh-A.22719.13981.exe	89

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.22719.13981.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.22719.13981.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\240602003413712.exe 000001
  2⤵
  PID:3752

C:\Users\Admin\AppData\Local\Temp\240602003413712.exe

Filesize
326B

MD5
bf3231d7fad0292d818aac7d6d669f00

SHA1
c29683b3788d729a5fc4504279d10e31da60745c

SHA256
fb2d9f058c2010c57f86a05ae33d282f33e3825290c66b8b120cd177416c6bdf

SHA512
856f5087691eed24d717b4a28769d96e0e003588bdc4b3beb3fa27ad81474b00be00bcedf1bc23c7a6f00947047e7c89ee07cc4f3087e7b76e219b3a068f0398

Download Submit