06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 06:35

Target

06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe
Size

13KB
MD5

6a12a3b9eba14f803512ecad475023aa
SHA1

192e11bd7ef9deeb12721778c330b5d8b0826a23
SHA256

06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94
SHA512

d7ca1c7d8597ffdefde5b47afe68f2a2b115c8b1bd16b664e2eba2be5dd1debf7f6cba18b64de2a44220399c269244165f92fad8f6e2e5316a2d558b6f982864
SSDEEP

192:U/7I16ioa1P7b96ZBjcM/p07vTjLVgDcUTcMriApgr73WlJdxqHYnL1x:cYoSbwsHwG6gr73WlJj+G

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1504	242607063526735.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 3060	1616	06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe	92
PID 1616 wrote to memory of 3060	1616	06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe	92
PID 3060 wrote to memory of 1504	3060	cmd.exe	93
PID 3060 wrote to memory of 1504	3060	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe
"C:\Users\Admin\AppData\Local\Temp\06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063526735.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\242607063526735.exe
    C:\Users\Admin\AppData\Local\Temp\242607063526735.exe 000001
    3⤵
    - Executes dropped EXE
    PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\242607063526735.exe

Filesize
13KB

MD5
2870ac8aa012f2a580ab36755e8ef6b5

SHA1
0dc581c4d146629036bfc6336250d11927d88e92

SHA256
756017ed109e8ce51f05bac733412bb890d9b005995efbb8bdd6b91e66960a69

SHA512
c00b87df0dde268defa2bc16635a89d66dfa21ca08d7ac0d067a2947fbfdbe45ef4161fcdfafa052f9482daa975159830717d016ff6bda8ec693df9feb43294f

Download Submit