Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 01:08
Static task
- static1
  - 1 signatures
Behavioral task
- behavioral1
  - Sample: 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe
  - Resource: win7-20240221-en
  - 1 signatures
  - 150 seconds
Behavioral task
- behavioral2
  - Sample: 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe
  - Resource: win10v2004-20240426-en
  - 1 signatures
  - 150 seconds
General
- Target: 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe
- Size: 543KB
- MD5: 82ccd7e7b55347928c927b1c07418603
- SHA1: d1eb072920f8c79e5721f8c30f2cebb1c47c1432
- SHA256: 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01
- SHA512: f42fc7a513d598138bc9a9e124ee2a3e807ba16d2c328c33588737ea0a96e9aab80b2192666fa00b4d1ae5af7b30555d694e6c1b1a9a6732fc382092b9200ee4
- SSDEEP: 12288:vlHeY7ivCc94dpKd23Ql1ff9nB6WY817G:gY2v79Mpib1fVnkW/7
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (14 IoCs)

| description | pid | Process | procid_target |
|---|---|---|---|
| PID 1040 wrote to memory of 1328 | 1040 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 82 |
| PID 1040 wrote to memory of 1328 | 1040 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 82 |
| PID 1328 wrote to memory of 1080 | 1328 | cmd.exe | 83 |
| PID 1328 wrote to memory of 1080 | 1328 | cmd.exe | 83 |
| PID 1040 wrote to memory of 1788 | 1040 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 84 |
| PID 1040 wrote to memory of 1788 | 1040 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 84 |
| PID 1040 wrote to memory of 2924 | 1040 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 85 |
| PID 1040 wrote to memory of 2924 | 1040 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 85 |
| PID 2924 wrote to memory of 2700 | 2924 | cmd.exe | 86 |
| PID 2924 wrote to memory of 2700 | 2924 | cmd.exe | 86 |
| PID 2924 wrote to memory of 3620 | 2924 | cmd.exe | 87 |
| PID 2924 wrote to memory of 3620 | 2924 | cmd.exe | 87 |
| PID 2924 wrote to memory of 4376 | 2924 | cmd.exe | 88 |
| PID 2924 wrote to memory of 4376 | 2924 | cmd.exe | 88 |
Processes
- C:\Users\Admin\AppData\Local\Temp\3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe
  - Command line: "C:\Users\Admin\AppData\Local\Temp\3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe"
  - Suspicious use of WriteProcessMemory
  - PID: 1040
  - C:\Windows\system32\cmd.exe
    - Command line: C:\Windows\system32\cmd.exe /c MODE CON COLS=56 LINES=19
    - Suspicious use of WriteProcessMemory
    - PID: 1328
    - C:\Windows\system32\mode.com
      - Command line: MODE CON COLS=56 LINES=19
      - PID: 1080
  - C:\Windows\system32\cmd.exe
    - Command line: C:\Windows\system32\cmd.exe /c cls
    - PID: 1788
  - C:\Windows\system32\cmd.exe
    - Command line: C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    - Suspicious use of WriteProcessMemory
    - PID: 2924
    - C:\Windows\system32\certutil.exe
      - Command line: certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe" MD5
      - PID: 2700
    - C:\Windows\system32\find.exe
      - Command line: find /i /v "md5"
      - PID: 3620
    - C:\Windows\system32\find.exe
      - Command line: find /i /v "certutil"
      - PID: 4376