06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07/06/2024, 06:35

Target

06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe
Size

13KB
MD5

6a12a3b9eba14f803512ecad475023aa
SHA1

192e11bd7ef9deeb12721778c330b5d8b0826a23
SHA256

06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94
SHA512

d7ca1c7d8597ffdefde5b47afe68f2a2b115c8b1bd16b664e2eba2be5dd1debf7f6cba18b64de2a44220399c269244165f92fad8f6e2e5316a2d558b6f982864
SSDEEP

192:U/7I16ioa1P7b96ZBjcM/p07vTjLVgDcUTcMriApgr73WlJdxqHYnL1x:cYoSbwsHwG6gr73WlJj+G

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
1416	242607063520286.exe
780	240607063601145.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 2144	1140	06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe	78
PID 1140 wrote to memory of 2144	1140	06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe	78
PID 2144 wrote to memory of 1416	2144	cmd.exe	79
PID 2144 wrote to memory of 1416	2144	cmd.exe	79
PID 1416 wrote to memory of 4816	1416	242607063520286.exe	80
PID 1416 wrote to memory of 4816	1416	242607063520286.exe	80
PID 4816 wrote to memory of 780	4816	cmd.exe	81
PID 4816 wrote to memory of 780	4816	cmd.exe	81

C:\Users\Admin\AppData\Local\Temp\06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe
"C:\Users\Admin\AppData\Local\Temp\06d61bd5fcf328b5829a422f0c2b5e6fb5a8dee447e7ab201b25132c48690a94.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063520286.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\242607063520286.exe
    C:\Users\Admin\AppData\Local\Temp\242607063520286.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1416
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\240607063601145.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\240607063601145.exe
        
        C:\Users\Admin\AppData\Local\Temp\240607063601145.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:780

C:\Users\Admin\AppData\Local\Temp\240607063601145.exe

Filesize
13KB

MD5
547eac449c66eeafde09600f83e6d281

SHA1
ce77660498a03c40891fe175173aa8ae92880398

SHA256
1cadbc3996366254db32dc40460e35d8e1d7442f03b71618cdc92b673b1eaa64

SHA512
1c594d53d80d2f35130a3ff4b645378438f2c6992383e993a6bf16304a2adaf9466494ecd7ef3ad4ad2a828e2313456ba7a7abdff98757e8b0c0e39d22470023

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607063520286.exe

Filesize
13KB

MD5
2870ac8aa012f2a580ab36755e8ef6b5

SHA1
0dc581c4d146629036bfc6336250d11927d88e92

SHA256
756017ed109e8ce51f05bac733412bb890d9b005995efbb8bdd6b91e66960a69

SHA512
c00b87df0dde268defa2bc16635a89d66dfa21ca08d7ac0d067a2947fbfdbe45ef4161fcdfafa052f9482daa975159830717d016ff6bda8ec693df9feb43294f

Download Submit