980eedf37a20994febd53496d8401f166ecfb9754f82ade7ca0e79a11c026822

Resubmissions

22-07-2024 13:14

22-07-2024 13:12

max time kernel
4s
max time network
6s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22-07-2024 13:14

Target

FrozenPerm_CRACKED.exe
Size

638KB
MD5

3b1be5455dcaa2c8b09e4efbbf759d23
SHA1

0dc4738036b65e711717b90ec194bc903101abd2
SHA256

980eedf37a20994febd53496d8401f166ecfb9754f82ade7ca0e79a11c026822
SHA512

f53e2d8686c34e9982a6acf8f62ea476b6263294cb5cc232ba17217e174956c279c4c5e1906fac0da188f34d83d6bf233120e9677fd2cdf751ca818dfd9fbcbf
SSDEEP

12288:mYhkUeQ8DYoqQi9PKEldxcHafAxkN3770vn4X7:mYcLYDQ6ZdxcHGZ37oQX7

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 4748	1976	FrozenPerm_CRACKED.exe	82
PID 1976 wrote to memory of 4748	1976	FrozenPerm_CRACKED.exe	82
PID 4748 wrote to memory of 4264	4748	cmd.exe	83
PID 4748 wrote to memory of 4264	4748	cmd.exe	83
PID 4748 wrote to memory of 2628	4748	cmd.exe	84
PID 4748 wrote to memory of 2628	4748	cmd.exe	84
PID 4748 wrote to memory of 3264	4748	cmd.exe	85
PID 4748 wrote to memory of 3264	4748	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\FrozenPerm_CRACKED.exe
"C:\Users\Admin\AppData\Local\Temp\FrozenPerm_CRACKED.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\FrozenPerm_CRACKED.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\FrozenPerm_CRACKED.exe" MD5
    3⤵
    PID:4264
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:2628
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:3264