60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa

Analysis

max time kernel
121s
max time network
123s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
07-06-2024 06:23

Target

60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa.exe
Size

12KB
MD5

7c27e24d5906da948cb89561a9af9dd7
SHA1

8c705a37c5047eb9f8e02c5c048d2235add2f2bb
SHA256

60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa
SHA512

49eb366f5583fd932dad19136b0a69b33d29d099e0e477233c9c49e07ceae6e8af6ac1b9281127e6c6683e4dd0c6518be479e301ea88bb284b36505c7dda60bf
SSDEEP

192:7TmqI1c6qHT7AN684TOh3egBB8zGCag8wP+gx3yS8zgmwGLpzWlJdxqHBz1x:NVHPAzeajRgxCpU4LpzWlJj+P

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
4768	242607062331258.exe
3384	242607062412821.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 4464	1836	60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa.exe	78
PID 1836 wrote to memory of 4464	1836	60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa.exe	78
PID 4464 wrote to memory of 4768	4464	cmd.exe	79
PID 4464 wrote to memory of 4768	4464	cmd.exe	79
PID 4768 wrote to memory of 5028	4768	242607062331258.exe	80
PID 4768 wrote to memory of 5028	4768	242607062331258.exe	80
PID 5028 wrote to memory of 3384	5028	cmd.exe	81
PID 5028 wrote to memory of 3384	5028	cmd.exe	81

C:\Users\Admin\AppData\Local\Temp\60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa.exe
"C:\Users\Admin\AppData\Local\Temp\60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062331258.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4464
- - C:\Users\Admin\AppData\Local\Temp\242607062331258.exe
    C:\Users\Admin\AppData\Local\Temp\242607062331258.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062412821.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\242607062412821.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062412821.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:3384

C:\Users\Admin\AppData\Local\Temp\242607062331258.exe

Filesize
13KB

MD5
fced09c38cf084d52e37aca345f7095d

SHA1
a9c89f87b615eceeebef921d2fae0651f2555c21

SHA256
011e3d8e00011b46d65b6589781afbfddd9ee666d490c791e1c294e40552a0fe

SHA512
fcbc29d873494ba443360818c60009a96ffac1966108873c68d7439f39aaf201567049840133e988a67ef897fb67d27435d902eca9e5de813a356e283e494aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062412821.exe

Filesize
13KB

MD5
9ccfaa1eb224bf73d427c7768e1c8ccd

SHA1
fad3594143fcdee650bb81aba4910822e8669fc0

SHA256
51af27ff99b1021f36250cfa0d93ba7aae8502495cd53b1f6222259146c628aa

SHA512
c41821d316a56ea4d64c93a021e84649c4f755d6027df23da0dae766dc11b35e61df49f5aeb53bedafd47b9c6578e9a2dee51907ff8f6141d7adb0151105e473

Download Submit