8abb414fba8d5845687264e640a4a5a034ce0cbf2db2aaeff8a067efa37da2fe

Analysis

max time kernel
150s
max time network
135s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/07/2024, 14:12

Target

cyto.exe
Size

1.6MB
MD5

2dbd98e8e598e55a2b6f19fa074e9ff6
SHA1

3f39e3d0058bdff0547ecc96b78741a91dd2e592
SHA256

8abb414fba8d5845687264e640a4a5a034ce0cbf2db2aaeff8a067efa37da2fe
SHA512

febec96886137a5b8170a0016647ab7cf3815a0721986d274d0cd13f58c2aca0ff3377bd5672463eb65110d90e0b350ebd40ae7a9399e4e7b8e5d26244453d41
SSDEEP

24576:M4jXJo4PaqWXWcHBAmOKQ4J4cio1UAgVnZgJ1xwGjoU+0Cs80djSjxKTmfNf:dXJo4PIIKs8WtxqxBoUZCs80djytf

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 3820	4384	cyto.exe	74
PID 4384 wrote to memory of 3820	4384	cyto.exe	74
PID 3820 wrote to memory of 212	3820	cmd.exe	75
PID 3820 wrote to memory of 212	3820	cmd.exe	75
PID 3820 wrote to memory of 3844	3820	cmd.exe	76
PID 3820 wrote to memory of 3844	3820	cmd.exe	76
PID 3820 wrote to memory of 32	3820	cmd.exe	77
PID 3820 wrote to memory of 32	3820	cmd.exe	77

C:\Users\Admin\AppData\Local\Temp\cyto.exe
"C:\Users\Admin\AppData\Local\Temp\cyto.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\cyto.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3820
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\cyto.exe" MD5
    3⤵
    PID:212
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:3844
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:32