4d9b8e0cfc7e2e5316f7aaaeada515140218cd9dce3f5c145175d272cb2d7604

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07-06-2024 06:24

Target

4d9b8e0cfc7e2e5316f7aaaeada515140218cd9dce3f5c145175d272cb2d7604.exe
Size

12KB
MD5

4ffe6616cb20db9dc97c938c9b36b2a2
SHA1

0d6795477000f313fd3976ea35bc3c39be241740
SHA256

4d9b8e0cfc7e2e5316f7aaaeada515140218cd9dce3f5c145175d272cb2d7604
SHA512

06b05b86b60004513db1b2cab8e9615365147669e8fa5d86cf48d65b62d1027d878ed785867091ed64bda769baa5e5f9a22baafd790627dd5b0ee1c6cdede1e6
SSDEEP

192:VaLI16BqGITMN6BORFKvftUs8bf3/8LPjx3MB7N1GeoWlJdxqHY+1x:msGI4Xsa8Zc4eoWlJj+n

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
3176	242607062410243.exe
1380	242607062433664.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 3192	1464	4d9b8e0cfc7e2e5316f7aaaeada515140218cd9dce3f5c145175d272cb2d7604.exe	78
PID 1464 wrote to memory of 3192	1464	4d9b8e0cfc7e2e5316f7aaaeada515140218cd9dce3f5c145175d272cb2d7604.exe	78
PID 3192 wrote to memory of 3176	3192	cmd.exe	79
PID 3192 wrote to memory of 3176	3192	cmd.exe	79
PID 3176 wrote to memory of 1096	3176	242607062410243.exe	80
PID 3176 wrote to memory of 1096	3176	242607062410243.exe	80
PID 1096 wrote to memory of 1380	1096	cmd.exe	81
PID 1096 wrote to memory of 1380	1096	cmd.exe	81

C:\Users\Admin\AppData\Local\Temp\4d9b8e0cfc7e2e5316f7aaaeada515140218cd9dce3f5c145175d272cb2d7604.exe
"C:\Users\Admin\AppData\Local\Temp\4d9b8e0cfc7e2e5316f7aaaeada515140218cd9dce3f5c145175d272cb2d7604.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062410243.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3192
- - C:\Users\Admin\AppData\Local\Temp\242607062410243.exe
    C:\Users\Admin\AppData\Local\Temp\242607062410243.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3176
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062433664.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\242607062433664.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062433664.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:1380

C:\Users\Admin\AppData\Local\Temp\242607062410243.exe

Filesize
13KB

MD5
06600212dbef83b8727142c1d2293a0a

SHA1
18c92d4e9edb95f13c6e66f7825347e0f5f8d8dd

SHA256
0614d09aef415f81226de40fe8df55d2ea4a85f263861888c4c286ef41bf91a9

SHA512
62c7296396f85313d7fa9a4c3aaaad6bc2ad7e99d1369a8d05518ae2feb3fa32d33bcc7c9829061bbc436e5c912a98678af4fc58edd0019e648d230c671305bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062433664.exe

Filesize
13KB

MD5
69f92ce4d62ee759b784483edb6e33f8

SHA1
e177eee82e647aded3e266ce6f1f3f51f633e2ed

SHA256
f524856855d4a5628b53a268cf3d1e0e676415f7b4b0f0d6b614edad4ae4d984

SHA512
1c5b46598e30e982b54b4769e5361eb1ac463c6be161f9e09f53716d70364863f92a327cbfc254bebc1cf7ea0dc2565ecba576229f5e64e19dd3edaf44987106

Download Submit