80d38fee769b3665745a8a958f6275ad8dfef19b8244c490cb2d2668d8dbd81b

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2024 11:19

Target

80d38fee769b3665745a8a958f6275ad8dfef19b8244c490cb2d2668d8dbd81b.exe
Size

730KB
MD5

406f84283f0e58f34be199e1f8b1723b
SHA1

d9e2d8cc47902d92cccde3f762344e94bae3f297
SHA256

80d38fee769b3665745a8a958f6275ad8dfef19b8244c490cb2d2668d8dbd81b
SHA512

4c6ef6096d55a79d6a9350d579bdb257d6016a9af62639c9ed136afbddd3260822501954bfb6925091e2f91edb28800ced89133f5fc27e517e82d43395558ee3
SSDEEP

12288:7zFVK0LcDj3bXNJCVDdNcrAfteU3MA+PhtZ0VQzUYX8VFD:XewcDj3b9JCVJGA1em+Z0ywYI

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 1168	3492	80d38fee769b3665745a8a958f6275ad8dfef19b8244c490cb2d2668d8dbd81b.exe	84
PID 3492 wrote to memory of 1168	3492	80d38fee769b3665745a8a958f6275ad8dfef19b8244c490cb2d2668d8dbd81b.exe	84
PID 1168 wrote to memory of 4052	1168	cmd.exe	86
PID 1168 wrote to memory of 4052	1168	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\80d38fee769b3665745a8a958f6275ad8dfef19b8244c490cb2d2668d8dbd81b.exe
"C:\Users\Admin\AppData\Local\Temp\80d38fee769b3665745a8a958f6275ad8dfef19b8244c490cb2d2668d8dbd81b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Windows\system32\cmd.exe
  "cmd" /c "curl -s https://myip.ipip.net/"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1168
- - C:\Windows\system32\curl.exe
    curl -s https://myip.ipip.net/
    3⤵
    PID:4052