f557ab63e2d5642368938643c36a62b4a6d1c84c4c18b6b0f8b9028800eb4d1a

Analysis

max time kernel
94s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 00:34

Target

SecuriteInfo.com.Win32.Dh-A.13598.23475.exe
Size

13KB
MD5

0fb2c2309ccfc290ad92663107c384d2
SHA1

fe4810f9ab2f6dd78206d091f0f0223f3ef41cdf
SHA256

f557ab63e2d5642368938643c36a62b4a6d1c84c4c18b6b0f8b9028800eb4d1a
SHA512

3d5e6faf81c2b415bad841a47de307c90ea4563587a194ae996ff7a1e9aed1be6a6cfe22b10f42b38101dcfe3faa2c4fb22ab09469fa8fe97957c7e7182e5bc7
SSDEEP

192:vGUT5QHrIhzJSD61DK+0WJ/WBjnsMjzH1evUQBoOB8cAkGVWlJdxqH7YrwVm:b2GoCwFFVWlJj+

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 4560	2616	SecuriteInfo.com.Win32.Dh-A.13598.23475.exe	88
PID 2616 wrote to memory of 4560	2616	SecuriteInfo.com.Win32.Dh-A.13598.23475.exe	88

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.13598.23475.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.13598.23475.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\240602003415368.exe 000001
  2⤵
  PID:4560

C:\Users\Admin\AppData\Local\Temp\240602003415368.exe

Filesize
326B

MD5
bf3231d7fad0292d818aac7d6d669f00

SHA1
c29683b3788d729a5fc4504279d10e31da60745c

SHA256
fb2d9f058c2010c57f86a05ae33d282f33e3825290c66b8b120cd177416c6bdf

SHA512
856f5087691eed24d717b4a28769d96e0e003588bdc4b3beb3fa27ad81474b00be00bcedf1bc23c7a6f00947047e7c89ee07cc4f3087e7b76e219b3a068f0398

Download Submit