fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91

Analysis

max time kernel
137s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 06:33

Target

fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe
Size

13KB
MD5

e3fea5a55271052dedbea27a4f7c31aa
SHA1

172237ed29cae674ebf2b49b2ae1786f5d639faf
SHA256

fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91
SHA512

b4482992400fb28c59c23304ef3498bfcd05d9c77c31b8fde1adcd4045d594313af995cce84fb1dd2d938450e939ca1659d4a83127ad4638a4d98a3fd79118cf
SSDEEP

192:LP0I1VlrqhhRjm6dOWAfMefuuoDRGkZP5a1kK018Z/UeOCAjrWlJdxqH3j1xM:w++hvjiGuPkTan3UWlJj+x

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
940	242607063303284.exe
2152	242607063344565.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 1312	3572	fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe	94
PID 3572 wrote to memory of 1312	3572	fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe	94
PID 1312 wrote to memory of 940	1312	cmd.exe	95
PID 1312 wrote to memory of 940	1312	cmd.exe	95
PID 940 wrote to memory of 4304	940	242607063303284.exe	96
PID 940 wrote to memory of 4304	940	242607063303284.exe	96
PID 4304 wrote to memory of 2152	4304	cmd.exe	97
PID 4304 wrote to memory of 2152	4304	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe
"C:\Users\Admin\AppData\Local\Temp\fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063303284.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1312
- - C:\Users\Admin\AppData\Local\Temp\242607063303284.exe
    C:\Users\Admin\AppData\Local\Temp\242607063303284.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:940
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063344565.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\242607063344565.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607063344565.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:2152

C:\Users\Admin\AppData\Local\Temp\242607063303284.exe

Filesize
13KB

MD5
6db078c43c8423b93a5096c52aae8d96

SHA1
c5f824db37e809e86253b80be8a5da528a259e3f

SHA256
fdfc2448049b0c1f9db8424542976e9824cef9c6eec3218cc3b4f3bec411d146

SHA512
a89dc2e98042da6a5fa4340eab840150f34b16e0c6df0bc87af00501be3a52ca6501777f9b339fb27555ccb91c2dd34d28740ff121a4d5f6403abd1c5eaeebfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607063344565.exe

Filesize
13KB

MD5
3d0af476708cad5c687d412d7bb8d49b

SHA1
6562a38b65c5789963e9921babff17c10c2cd5a7

SHA256
888ec802c0e2ef110fdcf2df981db28b4df76d82b1f6d611dc164f137b1b4ab2

SHA512
6698f408c7560615b6a27137341e34a9bfaaa02c91ba7e18ed44e2dc50e223510e3f15b6997f6534d20149e150cc2d1da7f27185e9d0b2dce9bc1e0764551a52

Download Submit