dff8280e1376191112435176cac51c83fb64855d622cc3f70c995c1e0d4e52ee

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 05:59

Target

dff8280e1376191112435176cac51c83fb64855d622cc3f70c995c1e0d4e52ee.exe
Size

79KB
MD5

1194f1c7cbaba54e427c16c0832c2845
SHA1

43c4eb71f77f7c697a5d357a79b37d79acdd979e
SHA256

dff8280e1376191112435176cac51c83fb64855d622cc3f70c995c1e0d4e52ee
SHA512

7da64db83b51ec5c7c0007afde81c6c893a0831782a4595ec03d04ea1bd86829e84da0f3ad95417b1dd5ddfb5bdab5e689ff0cfbda68d211c4f7ed27cc362a92
SSDEEP

1536:zv0IyKTCCJD59fkOQA8AkqUhMb2nuy5wgIP0CSJ+5ysbB8GMGlZ5G:zvLmkxGdqU7uy5w9WMysbN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2372	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 4660	4216	dff8280e1376191112435176cac51c83fb64855d622cc3f70c995c1e0d4e52ee.exe	83
PID 4216 wrote to memory of 4660	4216	dff8280e1376191112435176cac51c83fb64855d622cc3f70c995c1e0d4e52ee.exe	83
PID 4216 wrote to memory of 4660	4216	dff8280e1376191112435176cac51c83fb64855d622cc3f70c995c1e0d4e52ee.exe	83
PID 4660 wrote to memory of 2372	4660	cmd.exe	84
PID 4660 wrote to memory of 2372	4660	cmd.exe	84
PID 4660 wrote to memory of 2372	4660	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\dff8280e1376191112435176cac51c83fb64855d622cc3f70c995c1e0d4e52ee.exe
"C:\Users\Admin\AppData\Local\Temp\dff8280e1376191112435176cac51c83fb64855d622cc3f70c995c1e0d4e52ee.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4660
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2372

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
10db6c7918504a71d2af57da525d54c8

SHA1
5db54dedb1975323d85d83b3b31d5457e4a28c41

SHA256
d4da7d557acccfa63d473fd147e69dd3bca043191ce9dbd6ee4c135bcaa04898

SHA512
9b32ce8db47a1759fe19dc42798ad2013b2dd53e104bf38071fe06bcc2b60219cd8dcd2ec9d3fb12586c4b249abb40aef799321f54ad7c07c6757f2089691235

Download Submit
memory/2372-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4216-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download