ff3a3ca5694628a94686996d09265e755880e21b65ff9920b87559d9448e5a43

Analysis

max time kernel
133s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 23:01

Target

Duplicata_29644.exe
Size

55KB
MD5

d1b0ea1f8a5f5aa158cba47c4a37ea37
SHA1

19a0087bd66a24f13005d973128123ac6ade6855
SHA256

1dd7179f4e247bec26e88c569c9c3446146752a32ea6aef254b1e236266e96ca
SHA512

40e5573548fe2560a6c6b9f5a8807ef3d98bd62e848a97e4c4b6dc5bccb486361ca4222626905f92206481dc786b5a8cd830ae85bc125191d4343f2d5b327280
SSDEEP

1536:b1q04Q2yqs6JlaN8drqX8mqSmumJX5kMd2OxyltZx:q7ysJDdun7mumJX5kMsOxyltZx

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3272	bling.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 4628	1724	Duplicata_29644.exe	80
PID 1724 wrote to memory of 4628	1724	Duplicata_29644.exe	80
PID 1724 wrote to memory of 4628	1724	Duplicata_29644.exe	80
PID 1724 wrote to memory of 3172	1724	Duplicata_29644.exe	82
PID 1724 wrote to memory of 3172	1724	Duplicata_29644.exe	82
PID 1724 wrote to memory of 3172	1724	Duplicata_29644.exe	82
PID 3172 wrote to memory of 3272	3172	CMD.exe	84
PID 3172 wrote to memory of 3272	3172	CMD.exe	84
PID 3172 wrote to memory of 3272	3172	CMD.exe	84

C:\Users\Admin\AppData\Local\Temp\Duplicata_29644.exe
"C:\Users\Admin\AppData\Local\Temp\Duplicata_29644.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\CMD.exe
  CMD /C Copy C:\Users\Admin\AppData\Local\Temp\DUPLIC~1.EXE C:\Users\Admin\AppData\Local\Temp\bling.exe
  2⤵
  PID:4628
- C:\Windows\SysWOW64\CMD.exe
  CMD /C Start C:\Users\Admin\AppData\Local\Temp\bling.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3172
- - C:\Users\Admin\AppData\Local\Temp\bling.exe
    C:\Users\Admin\AppData\Local\Temp\bling.exe
    3⤵
    - Executes dropped EXE
    PID:3272

C:\Users\Admin\AppData\Local\Temp\bling.exe

Filesize
55KB

MD5
d1b0ea1f8a5f5aa158cba47c4a37ea37

SHA1
19a0087bd66a24f13005d973128123ac6ade6855

SHA256
1dd7179f4e247bec26e88c569c9c3446146752a32ea6aef254b1e236266e96ca

SHA512
40e5573548fe2560a6c6b9f5a8807ef3d98bd62e848a97e4c4b6dc5bccb486361ca4222626905f92206481dc786b5a8cd830ae85bc125191d4343f2d5b327280

Download Submit
memory/1724-5-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3272-6-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3272-7-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3272-10-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3272-12-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3272-14-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3272-16-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3272-19-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download