a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 06:22

Target

a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe
Size

13KB
MD5

985971e033d2fdb8d98b562908f1d706
SHA1

02ed85dd613e583a1caf6931ca7fd98278226973
SHA256

a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498
SHA512

54bbe598a7f8b38eb2005d9f50dfa3c2eea472ed35530ce83dd65337b61539dbf4766e25538aaf7d5c7ef9f9ac2c7150e67f3e3d08671b0f55a73249a9644d75
SSDEEP

192:kRy9BI1puuqRhe6/M+QaxB33s24DuGmJdcPaT84cy67jhSsTyieXKWphWlJdxqHN:bBUqDgIFc2euNNvNXKCWlJj+rh

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
4208	242607062305339.exe
4336	242607062321136.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 4144	1316	a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe	97
PID 1316 wrote to memory of 4144	1316	a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe	97
PID 4144 wrote to memory of 4208	4144	cmd.exe	98
PID 4144 wrote to memory of 4208	4144	cmd.exe	98
PID 4208 wrote to memory of 2556	4208	242607062305339.exe	99
PID 4208 wrote to memory of 2556	4208	242607062305339.exe	99
PID 2556 wrote to memory of 4336	2556	cmd.exe	100
PID 2556 wrote to memory of 4336	2556	cmd.exe	100

C:\Users\Admin\AppData\Local\Temp\a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe
"C:\Users\Admin\AppData\Local\Temp\a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062305339.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Users\Admin\AppData\Local\Temp\242607062305339.exe
    C:\Users\Admin\AppData\Local\Temp\242607062305339.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4208
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062321136.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\242607062321136.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062321136.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:4336

C:\Users\Admin\AppData\Local\Temp\242607062305339.exe

Filesize
13KB

MD5
96ab85e1c4a03a20c0de9e2bd4741658

SHA1
e253a230b6e300a6896cc0ff4b9439a9c748a8ef

SHA256
8e0dc416c6e0b60706b690ee5a186eec4cba75bddf858d10adbc51f08e725e22

SHA512
48128163cc5acff698e09ead3781ab88a9c93b6546c8d56d4f3735d129932fbbd28db6a3f5319cba81571dd411dd297fe0bc1d974de35bf821a755c006aa6691

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062321136.exe

Filesize
12KB

MD5
daa69013a7c78252a3e2d6e6f1df3d1f

SHA1
9ce9e9b13f3bf87bcc7c574efbcca4757557e536

SHA256
8de6e3e835ce3f28a0669e558a9d73237f4f8a1f147dd4fa9c2043fe88debeb2

SHA512
e326eefb31856b7b273a8b4f194576286e4f3d0a0419627c0ced48a008f608bcb37c46d11b18a931da58641463071eab23ac0b69c142dac79f75557628e1fa6d

Download Submit