e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064

Analysis

max time kernel
141s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 18:40

Target

e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
Size

1.7MB
MD5

8f3862191232959fc941afd4c2943b86
SHA1

edc93c5d1fa686eea9e264905b2840bfe699e3fd
SHA256

e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064
SHA512

70f1101af6120d624bd29d8228fed3d2a3bfbccaa1beecbdc0ffc740c1df23e86ff8569d28395431ae0efc8f921d2b6bb3bdcc0cb7bca89e9a835409d4a2bca9
SSDEEP

49152:y4TrJANOZtUWtr4CiVKyWtsPNdxfAeDFyQoo4I6+uyF6:ylNOHtr4CiVKyWtsPNVDFTohGL

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1512	e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
1512	e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
1512	e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
1512	e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 388	1512	e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe	91
PID 1512 wrote to memory of 388	1512	e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe	91
PID 388 wrote to memory of 1740	388	cmd.exe	93
PID 388 wrote to memory of 1740	388	cmd.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4352,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:8
1⤵
PID:4272

memory/1512-0-0x0000000180000000-0x00000001801EA000-memory.dmp

Filesize
1.9MB

Download