b6818440a38afbd1fe55b5214290343a52ad921eeb7198613bd29b7c0ea30f2a

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 17:09

Target

c2.exe
Size

19KB
MD5

0271d1690be9ebbf67cf141b5be66c19
SHA1

97503a4ff7e07f23879f8f052cef7ed8ae00352f
SHA256

b6818440a38afbd1fe55b5214290343a52ad921eeb7198613bd29b7c0ea30f2a
SHA512

2011c7ddec8511d2085709fb54e1612389d4990b8adcac4a66b727705a686cb82576c465606f248b0fd15f91cac546fe42836a8fa485963472d38dc41702c4d5
SSDEEP

384:uyHVbXNghuMR+j5XEslarcoIUt+5IqhIcEawcUhHT7w5xI+D6+3RJE:ukvp5Iqqc0hHT7KI+D6+3DE

Score

1^/10

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 4692	4680	c2.exe	85
PID 4680 wrote to memory of 4692	4680	c2.exe	85
PID 4680 wrote to memory of 4520	4680	c2.exe	91
PID 4680 wrote to memory of 4520	4680	c2.exe	91
PID 4680 wrote to memory of 2044	4680	c2.exe	92
PID 4680 wrote to memory of 2044	4680	c2.exe	92
PID 4680 wrote to memory of 3528	4680	c2.exe	100
PID 4680 wrote to memory of 3528	4680	c2.exe	100
PID 4680 wrote to memory of 2420	4680	c2.exe	102
PID 4680 wrote to memory of 2420	4680	c2.exe	102
PID 4680 wrote to memory of 4032	4680	c2.exe	103
PID 4680 wrote to memory of 4032	4680	c2.exe	103
PID 4680 wrote to memory of 1968	4680	c2.exe	104
PID 4680 wrote to memory of 1968	4680	c2.exe	104
PID 4680 wrote to memory of 1656	4680	c2.exe	107
PID 4680 wrote to memory of 1656	4680	c2.exe	107
PID 4680 wrote to memory of 4896	4680	c2.exe	108
PID 4680 wrote to memory of 4896	4680	c2.exe	108
PID 4680 wrote to memory of 4368	4680	c2.exe	109
PID 4680 wrote to memory of 4368	4680	c2.exe	109
PID 4680 wrote to memory of 3076	4680	c2.exe	110
PID 4680 wrote to memory of 3076	4680	c2.exe	110
PID 4680 wrote to memory of 4784	4680	c2.exe	112
PID 4680 wrote to memory of 4784	4680	c2.exe	112
PID 4680 wrote to memory of 2816	4680	c2.exe	113
PID 4680 wrote to memory of 2816	4680	c2.exe	113
PID 4680 wrote to memory of 2708	4680	c2.exe	114
PID 4680 wrote to memory of 2708	4680	c2.exe	114
PID 4680 wrote to memory of 3348	4680	c2.exe	115
PID 4680 wrote to memory of 3348	4680	c2.exe	115
PID 4680 wrote to memory of 864	4680	c2.exe	116
PID 4680 wrote to memory of 864	4680	c2.exe	116

C:\Users\Admin\AppData\Local\Temp\c2.exe
"C:\Users\Admin\AppData\Local\Temp\c2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 1r40.cz
  2⤵
  PID:4692
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 9y88.cz
  2⤵
  PID:4520
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 2o55.cz
  2⤵
  PID:2044
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 1c11.cz
  2⤵
  PID:3528
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 5r76.cz
  2⤵
  PID:2420
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 1e23.cz
  2⤵
  PID:4032
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 2h16.cz
  2⤵
  PID:1968
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 8u76.cz
  2⤵
  PID:1656
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 1n92.cz
  2⤵
  PID:4896
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 7y54.cz
  2⤵
  PID:4368
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 3l23.cz
  2⤵
  PID:3076
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 3o11.cz
  2⤵
  PID:4784
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 3s74.cz
  2⤵
  PID:2816
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 2h79.cz
  2⤵
  PID:2708
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 3q98.cz
  2⤵
  PID:3348
- C:\Windows\SYSTEM32\nslookup.exe
  nslookup -q=A 6k02.cz
  2⤵
  PID:864