d8ead9cf42e7bc3f83c137d821116fd1b67d3d0697ac2e5b4038dce1f02e8a56

Resubmissions

08/06/2024, 14:37

08/06/2024, 14:36

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 14:37

Target

v.182734.exe
Size

648KB
MD5

7c9539619cb8e085ee4e5cc64594318b
SHA1

d10c19373dc17f752bf5f6ddfd23be4cb6234504
SHA256

d8ead9cf42e7bc3f83c137d821116fd1b67d3d0697ac2e5b4038dce1f02e8a56
SHA512

8778e1ea69c4cf22a734ebfc13150ce57d7bbaa9e79f8c480460e5d8136369a51876d3357c8c15e326839b87994cf8a9db98ed13c10d2057d2880a20d095aa5b
SSDEEP

12288:5OuP4p6NKKDuV3axuuml/5yk4RB4w/U01makR8G:QuVMKCVqSl/oVBjf1maet

Score

1^/10

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 4240	552	v.182734.exe	88
PID 552 wrote to memory of 4240	552	v.182734.exe	88
PID 552 wrote to memory of 928	552	v.182734.exe	89
PID 552 wrote to memory of 928	552	v.182734.exe	89
PID 928 wrote to memory of 4840	928	cmd.exe	90
PID 928 wrote to memory of 4840	928	cmd.exe	90
PID 928 wrote to memory of 1872	928	cmd.exe	91
PID 928 wrote to memory of 1872	928	cmd.exe	91
PID 928 wrote to memory of 740	928	cmd.exe	92
PID 928 wrote to memory of 740	928	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\v.182734.exe
"C:\Users\Admin\AppData\Local\Temp\v.182734.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\v.182734.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:928
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\v.182734.exe" MD5
    3⤵
    PID:4840
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:1872
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:740