c502f79254b5f43e74c3859651bfa31c36206359b760cd2c3ee709bccbca6c84

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
07/06/2024, 07:14

Target

c502f79254b5f43e74c3859651bfa31c36206359b760cd2c3ee709bccbca6c84.exe
Size

14KB
MD5

042ab4c4eec2df899cfd3ffb7b61fd80
SHA1

a5e436a7df688f76a33372a26b30bd43fd99de65
SHA256

c502f79254b5f43e74c3859651bfa31c36206359b760cd2c3ee709bccbca6c84
SHA512

711e6c77dffc91bca0aee6e5071daeb6c0a9fdd8a15d31afea4f16acae8c810022e6d78e2e17765df24176d4d57a161b9c59b82e405924746bf1e3bdc1fd100f
SSDEEP

192:uQPzI1i7Ws3/FP6amDVZGZd1qtgWAyMgaaP9h55yOoOpupaFwKKoIWlJdxqHbnzv:XTWsPFaDCsUSFAv0IWlJj+l

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
2036	242607071413325.exe
2880	242607071455262.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2448	2628	c502f79254b5f43e74c3859651bfa31c36206359b760cd2c3ee709bccbca6c84.exe	80
PID 2628 wrote to memory of 2448	2628	c502f79254b5f43e74c3859651bfa31c36206359b760cd2c3ee709bccbca6c84.exe	80
PID 2448 wrote to memory of 2036	2448	cmd.exe	81
PID 2448 wrote to memory of 2036	2448	cmd.exe	81
PID 2036 wrote to memory of 4784	2036	242607071413325.exe	82
PID 2036 wrote to memory of 4784	2036	242607071413325.exe	82
PID 4784 wrote to memory of 2880	4784	cmd.exe	83
PID 4784 wrote to memory of 2880	4784	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\c502f79254b5f43e74c3859651bfa31c36206359b760cd2c3ee709bccbca6c84.exe
"C:\Users\Admin\AppData\Local\Temp\c502f79254b5f43e74c3859651bfa31c36206359b760cd2c3ee709bccbca6c84.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607071413325.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\242607071413325.exe
    C:\Users\Admin\AppData\Local\Temp\242607071413325.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2036
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607071455262.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\242607071455262.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607071455262.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:2880

C:\Users\Admin\AppData\Local\Temp\242607071413325.exe

Filesize
12KB

MD5
64a3339f1ae1b1cc7da96c2bbf84114e

SHA1
7a892a8f3a4fcc3101a8beab41f696df6bc0f468

SHA256
d271bcf2d4ae64fca549837ec527c4660f2e1b06f7b20d140b3063002d8abf5e

SHA512
7076fab9db30c8fa873d2d76a237a6ce20f23deba1b9fd3750a5a3ab6e4885bd5ae0e807e3238ccd5bdc0a51c43c0f0b700f2187151ba8d21dada29137c488bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607071455262.exe

Filesize
13KB

MD5
c3c45afa777db0733061996911aa47dd

SHA1
d9e9dc4ceb1243ff7c624a87c8efc85334f4eb69

SHA256
a1bd8ed029259dff59905bf29fd9f877a0a02c400d48b8fbe598b309ff0daea7

SHA512
802e1267bf755b329411bc0597443d010c9030b97725c57b66b1c5ffae2071023b09754198ea3fa00143c472020e14e1e47e4aeda3a0c52727846fb7f4560404

Download Submit