cb31a5d713867991abf00acd7c8b6b782d78484347345c7a837c518ef5ac6c55

Analysis

max time kernel
106s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 13:58

Target

c5151a685db50623365fd7281ed748b0N.exe
Size

79KB
MD5

c5151a685db50623365fd7281ed748b0
SHA1

599806efa677b42c68f45ffdeeebd4fea42372f4
SHA256

cb31a5d713867991abf00acd7c8b6b782d78484347345c7a837c518ef5ac6c55
SHA512

c5b0a7bf1215364048fa193e64e3c2629caf49a7538560c4a8e01c9d80434bffb0a111b344a41d1283b48ce2cefed975a45d24ef4dd23c27ca7d033102d2a1bb
SSDEEP

1536:zvmMrCRpMyzLRMeNxOQA8AkqUhMb2nuy5wgIP0CSJ+5yeB8GMGlZ5G:zvUhhAGdqU7uy5w9WMyeN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4056	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 3696	4412	c5151a685db50623365fd7281ed748b0N.exe	85
PID 4412 wrote to memory of 3696	4412	c5151a685db50623365fd7281ed748b0N.exe	85
PID 4412 wrote to memory of 3696	4412	c5151a685db50623365fd7281ed748b0N.exe	85
PID 3696 wrote to memory of 4056	3696	cmd.exe	86
PID 3696 wrote to memory of 4056	3696	cmd.exe	86
PID 3696 wrote to memory of 4056	3696	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\c5151a685db50623365fd7281ed748b0N.exe
"C:\Users\Admin\AppData\Local\Temp\c5151a685db50623365fd7281ed748b0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3696
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4056

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ed002b1ed90e954dc1e2fdcc65050724

SHA1
6f0c1c3548d02631b322d811450ff553f8fab118

SHA256
dc0da4efe8dbfd461765c394160c1d14071ecc3c8405244e6566d0085209b7ab

SHA512
fd0b76b81748e438a80d0b192a8731af042dbd543d34598cca647438f5908bd06aba6eb4f0635791af65eeaeeff639b9654d4a57da5a92be700e7178d448c579

Download Submit
memory/4056-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4412-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download