fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07/06/2024, 06:33

Target

fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe
Size

13KB
MD5

e3fea5a55271052dedbea27a4f7c31aa
SHA1

172237ed29cae674ebf2b49b2ae1786f5d639faf
SHA256

fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91
SHA512

b4482992400fb28c59c23304ef3498bfcd05d9c77c31b8fde1adcd4045d594313af995cce84fb1dd2d938450e939ca1659d4a83127ad4638a4d98a3fd79118cf
SSDEEP

192:LP0I1VlrqhhRjm6dOWAfMefuuoDRGkZP5a1kK018Z/UeOCAjrWlJdxqH3j1xM:w++hvjiGuPkTan3UWlJj+x

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
1620	242607063302245.exe
792	242607063343839.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 3772	4856	fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe	78
PID 4856 wrote to memory of 3772	4856	fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe	78
PID 3772 wrote to memory of 1620	3772	cmd.exe	79
PID 3772 wrote to memory of 1620	3772	cmd.exe	79
PID 1620 wrote to memory of 4284	1620	242607063302245.exe	80
PID 1620 wrote to memory of 4284	1620	242607063302245.exe	80
PID 4284 wrote to memory of 792	4284	cmd.exe	81
PID 4284 wrote to memory of 792	4284	cmd.exe	81

C:\Users\Admin\AppData\Local\Temp\fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe
"C:\Users\Admin\AppData\Local\Temp\fc0a9acf8a8b5bb601a5b8745cd40a16576fb97d852c9127a6ef380a8624ce91.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063302245.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3772
- - C:\Users\Admin\AppData\Local\Temp\242607063302245.exe
    C:\Users\Admin\AppData\Local\Temp\242607063302245.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063343839.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\242607063343839.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607063343839.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:792

C:\Users\Admin\AppData\Local\Temp\242607063302245.exe

Filesize
13KB

MD5
af30c1b84ebe4f56b560c5716e6f2700

SHA1
2a880fe1545caac3c2b366f33123aea8befdd0ce

SHA256
71350489d95b9acd4a2d1e569b6eb16590c730f305c74ac36a351bba1d5008a1

SHA512
d0ad33b078232c79a19674504823a4d12215fde90d44b80fd64306273e8d8dc2bd707d3cf524a27961b0bdbc23fdf91ddf82cb5041d4342c7848dc9ce6bffaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607063343839.exe

Filesize
13KB

MD5
af0aaa3618a2968bae92504d3831fee3

SHA1
c6c75918052c42a0963aa03874662adcd7a53c8f

SHA256
e8fa9142ccc3398a7a728a8b41486321982154590a67b6673bc86071cdf96604

SHA512
27159509bf9432fb5dfabfc43ea4b56e67d578b5b764d5b588a3ffd68448a93c6b5a6f68f8bbe90a6f03de159908648c4c6b035d00e99f719c6a7f894ce1d145

Download Submit