c28903105180733cc90a482d93357fd8568f27a9586d474e89ad8c07f08dc18c

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 13:01

Target

Destroyer Virus USB.exe
Size

117KB
MD5

5958d294baf9c137e5f47d4aabcf5d4c
SHA1

de92d8f9bb58fbd3aed359c8c1db0e182302e341
SHA256

72ecf16f64695ff76b146d8ed148860af98bbf5014c630be7a24c78372ebfa68
SHA512

c5cd4647375dad06fea4133f9e5e411e9e3ad02be5d98a1b580046a590f55cc28e4f25cc4fb1cee04e8d7765f3b3ad2d3c068add7c8caa1563eabe73d54fb376
SSDEEP

1536:VQQ2aTmzPfYPZrk5SORqgNAPkL+Z2AQt2x99sUXvqvLGzZbndcThU:VQQ2aS7udiXqgNU++Z2F2x99PfN7ChU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 224	3688	Destroyer Virus USB.exe	84
PID 3688 wrote to memory of 224	3688	Destroyer Virus USB.exe	84
PID 3688 wrote to memory of 224	3688	Destroyer Virus USB.exe	84

C:\Users\Admin\AppData\Local\Temp\Destroyer Virus USB.exe
"C:\Users\Admin\AppData\Local\Temp\Destroyer Virus USB.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~5CC6.bat "C:\Users\Admin\AppData\Local\Temp\Destroyer Virus USB.exe"
  2⤵
  PID:224

C:\Users\Admin\AppData\Local\Temp\~5CC6.bat

Filesize
30KB

MD5
fd6a18fb5c33b8047011e8c48e983cd3

SHA1
72ab6bf5be2ba4405e6ef52bcb9584ee8120fe91

SHA256
c85a105e29c7cb3cc612d5eefb17a261ad8e326be8138d1808311bdca193706f

SHA512
73d8bc447074f9510f247200c6b894664149ca394c47618742afae381cf44a01727407200cdeb04ae4650260df95232d1b8bf32b8c24037fd4ec0f31499c86e3

Download Submit
memory/3688-3-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download