a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498

Analysis

max time kernel
92s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07/06/2024, 06:22

Target

a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe
Size

13KB
MD5

985971e033d2fdb8d98b562908f1d706
SHA1

02ed85dd613e583a1caf6931ca7fd98278226973
SHA256

a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498
SHA512

54bbe598a7f8b38eb2005d9f50dfa3c2eea472ed35530ce83dd65337b61539dbf4766e25538aaf7d5c7ef9f9ac2c7150e67f3e3d08671b0f55a73249a9644d75
SSDEEP

192:kRy9BI1puuqRhe6/M+QaxB33s24DuGmJdcPaT84cy67jhSsTyieXKWphWlJdxqHN:bBUqDgIFc2euNNvNXKCWlJj+rh

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
252	242607062306255.exe
684	242607062316708.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2420	2388	a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe	78
PID 2388 wrote to memory of 2420	2388	a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe	78
PID 2420 wrote to memory of 252	2420	cmd.exe	79
PID 2420 wrote to memory of 252	2420	cmd.exe	79
PID 252 wrote to memory of 3112	252	242607062306255.exe	80
PID 252 wrote to memory of 3112	252	242607062306255.exe	80
PID 3112 wrote to memory of 684	3112	cmd.exe	81
PID 3112 wrote to memory of 684	3112	cmd.exe	81

C:\Users\Admin\AppData\Local\Temp\a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe
"C:\Users\Admin\AppData\Local\Temp\a74e179c0ae79b9a6261ff0dbd3fe152c9196c16a2792d48a9b74c074be3d498.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062306255.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Users\Admin\AppData\Local\Temp\242607062306255.exe
    C:\Users\Admin\AppData\Local\Temp\242607062306255.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:252
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062316708.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\242607062316708.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062316708.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:684

C:\Users\Admin\AppData\Local\Temp\242607062306255.exe

Filesize
14KB

MD5
e55917d0472f7dc4f7bc9d7aa874462c

SHA1
bb5eabdc90988ca06fa809fdcf315a9c581a6682

SHA256
0d6fbd8b4682fad12233f9b881443b73a5647abdd76092c6090e6ac2ee04d68a

SHA512
7831acb28dc5ad14593e4b02e6120f44df145cf6727a73cc1ee595a11d594120036c06c6832a350788899645071969c9ec9d1e7e25400e67c34558b7ce08ecbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062316708.exe

Filesize
13KB

MD5
1d00252efcd25b4ca9a27e8cbd44591b

SHA1
f8b91a6191787b4f7ccca7d789dadc564cce56ee

SHA256
25d0ddd1abfe96f30194147e08e5e3d576652c0b09e98ba8b0c003b8d582b008

SHA512
f13538fce0680a0a21b7f551c2c8e87245a0d6bbb341c32cfe0ee813104ab45fba81482f7e323b7f3be5a73d3b1c44f570f581000e907fcdf2d72ae7bd898b2a

Download Submit