980eedf37a20994febd53496d8401f166ecfb9754f82ade7ca0e79a11c026822

Resubmissions

22/07/2024, 13:14

22/07/2024, 13:12

max time kernel
15s
max time network
18s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22/07/2024, 13:14

Target

FrozenPerm_CRACKED.exe
Size

638KB
MD5

3b1be5455dcaa2c8b09e4efbbf759d23
SHA1

0dc4738036b65e711717b90ec194bc903101abd2
SHA256

980eedf37a20994febd53496d8401f166ecfb9754f82ade7ca0e79a11c026822
SHA512

f53e2d8686c34e9982a6acf8f62ea476b6263294cb5cc232ba17217e174956c279c4c5e1906fac0da188f34d83d6bf233120e9677fd2cdf751ca818dfd9fbcbf
SSDEEP

12288:mYhkUeQ8DYoqQi9PKEldxcHafAxkN3770vn4X7:mYcLYDQ6ZdxcHGZ37oQX7

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 2424	860	FrozenPerm_CRACKED.exe	75
PID 860 wrote to memory of 2424	860	FrozenPerm_CRACKED.exe	75
PID 2424 wrote to memory of 3032	2424	cmd.exe	76
PID 2424 wrote to memory of 3032	2424	cmd.exe	76
PID 2424 wrote to memory of 3188	2424	cmd.exe	77
PID 2424 wrote to memory of 3188	2424	cmd.exe	77
PID 2424 wrote to memory of 1396	2424	cmd.exe	78
PID 2424 wrote to memory of 1396	2424	cmd.exe	78

C:\Users\Admin\AppData\Local\Temp\FrozenPerm_CRACKED.exe
"C:\Users\Admin\AppData\Local\Temp\FrozenPerm_CRACKED.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\FrozenPerm_CRACKED.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\FrozenPerm_CRACKED.exe" MD5
    3⤵
    PID:3032
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:3188
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1396