e75456ee595e9871587d7951960216f20603aab3c992cd076be5bc6501cbec3d

Analysis

max time kernel
104s
max time network
112s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07/06/2024, 06:34

Target

e75456ee595e9871587d7951960216f20603aab3c992cd076be5bc6501cbec3d.exe
Size

12KB
MD5

41e12ea0c42c892fbe40c4d0b0fc5d94
SHA1

c2f3911488fe04df7109f22ed92386da90ea764f
SHA256

e75456ee595e9871587d7951960216f20603aab3c992cd076be5bc6501cbec3d
SHA512

62af6856b44d81dcfddbc8a5974ada0b2503afe28cefc9d2491c2d671ffc8d19e2153d562395b5b4f3a8a2705bc6142bdaf0426906fe4312433238d8bf879172
SSDEEP

192:wb6OEI1Mt8JqeM5mz6j6siUqrs9zn9hiCfhG7Pq+0oYL8maKI/WlJdxqH3W1x+:b7yJO5qozoKL9aKI/WlJj+UQ

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
4636	242607063506274.exe
1832	242607063531899.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 4868	4164	e75456ee595e9871587d7951960216f20603aab3c992cd076be5bc6501cbec3d.exe	77
PID 4164 wrote to memory of 4868	4164	e75456ee595e9871587d7951960216f20603aab3c992cd076be5bc6501cbec3d.exe	77
PID 4868 wrote to memory of 4636	4868	cmd.exe	78
PID 4868 wrote to memory of 4636	4868	cmd.exe	78
PID 4636 wrote to memory of 576	4636	242607063506274.exe	79
PID 4636 wrote to memory of 576	4636	242607063506274.exe	79
PID 576 wrote to memory of 1832	576	cmd.exe	80
PID 576 wrote to memory of 1832	576	cmd.exe	80

C:\Users\Admin\AppData\Local\Temp\e75456ee595e9871587d7951960216f20603aab3c992cd076be5bc6501cbec3d.exe
"C:\Users\Admin\AppData\Local\Temp\e75456ee595e9871587d7951960216f20603aab3c992cd076be5bc6501cbec3d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063506274.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4868
- - C:\Users\Admin\AppData\Local\Temp\242607063506274.exe
    C:\Users\Admin\AppData\Local\Temp\242607063506274.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4636
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063531899.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:576
    - - C:\Users\Admin\AppData\Local\Temp\242607063531899.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607063531899.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:1832

C:\Users\Admin\AppData\Local\Temp\242607063506274.exe

Filesize
13KB

MD5
cc2108e79700cd8fa1fc8ed831d85158

SHA1
702bbe113c9dc5277d596506e18b5fc81941d4af

SHA256
92dfb49586e67084fac61634228da64b012af7d3dba957bcef6b841376511150

SHA512
1b3bbf949748f8bf9f69af5867a40c08ec6b026a36f170181e3c28913488758058da5b0f4917382c7c708e10495f0f7048213bdef820711c2d54df6c695ebc78

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607063531899.exe

Filesize
12KB

MD5
4541d554c2099df70eb42edeac873e81

SHA1
7c25139beb79a5e91fba09a6107495f0e1adb600

SHA256
4a4a4a84fd27302ecf2a702acbe97c24617158159008ac6626b6f9139d4b7a3c

SHA512
d2207d0e51dbc461764247cb3e609d01acfafdeed9b9e796c54f2d778955b5357423480100e680332bc30094f4e6f4201fe19b95a7674568c8a381c1597fa7e1

Download Submit