d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f

Analysis

max time kernel
131s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 07:10

Target

d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f.exe
Size

12KB
MD5

d74568914f56b34b011d5d751eb16889
SHA1

880bd13ca4e4f5ca7c780daaf21503e1576c0339
SHA256

d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f
SHA512

7866144d059e1cb959300eb6f969b716e0d905040c5239c6b7a5e462764b1f9c94e4397e17217aff53d0bb036583ea446a1b1829b81cab570c5cda919eb6b78a
SSDEEP

192:uk8rI1lJYWNzMF6vZCPYods2nDfFknTP3BchLlmqRQhWhSWlJdxqHxL1x:aYKK4c+cg4qCsMWlJj+z

Score

8^/10

Executes dropped EXE 2 IoCs

pid	Process
4004	242607071043414.exe
5004	242607071054460.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 1972	4544	d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f.exe	97
PID 4544 wrote to memory of 1972	4544	d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f.exe	97
PID 1972 wrote to memory of 4004	1972	cmd.exe	98
PID 1972 wrote to memory of 4004	1972	cmd.exe	98
PID 4004 wrote to memory of 3584	4004	242607071043414.exe	99
PID 4004 wrote to memory of 3584	4004	242607071043414.exe	99
PID 3584 wrote to memory of 5004	3584	cmd.exe	100
PID 3584 wrote to memory of 5004	3584	cmd.exe	100

C:\Users\Admin\AppData\Local\Temp\d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f.exe
"C:\Users\Admin\AppData\Local\Temp\d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607071043414.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\242607071043414.exe
    C:\Users\Admin\AppData\Local\Temp\242607071043414.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4004
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607071054460.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\242607071054460.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607071054460.exe 000002
        5⤵
        Executes dropped EXE
        
        PID:5004

C:\Users\Admin\AppData\Local\Temp\242607071043414.exe

Filesize
13KB

MD5
f41d2431f8d590310702ff9497f34d88

SHA1
6ced147ab9ec43d73f0aeb23fef6417c2350b53c

SHA256
8aaf2c227235a9f131bb925ce060507082e53e4ce309b99bf84fb87bf1373487

SHA512
75b77368ce8d3736c4d902bc408200fb2bd5fa3977859d316012696eff6fe7a2480e663032192088f5767a59835fc8f64359126d884e69396f2b08524731b110

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607071054460.exe

Filesize
13KB

MD5
9aa29ee5317aef52c11c03f7897a5ccf

SHA1
d667900c8d5231968057c0c80d294434644aa98e

SHA256
513bc3a89510f39a57bdf7f897f8e380fda1a4d2f9d5f6d5db7bad63b4d54627

SHA512
1116834d35fb9924583111b63b1c158e14333638700ef91b0fb34f1e5f311d99836be4dd04d5fa148ade7e62e6e79223fe18d3e40d787fd1f79dc61ddf9dd388

Download Submit