0347cebe09dcadf49e0472633e9be579f0e1fbbb995bb8ecb226588bff3e1d2c

Resubmissions

22-08-2024 22:17

22-08-2024 22:14

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 22:17

Target

porn.exe
Size

1.4MB
MD5

23ae8a019fcc2c7121039a875337ec12
SHA1

5e7931ab65d93e51bd456f1af40e4565f6d9ef8d
SHA256

0347cebe09dcadf49e0472633e9be579f0e1fbbb995bb8ecb226588bff3e1d2c
SHA512

5d6f96d98e47fc37e0cacab29770b9b11c3495d9d95072c042c52abaafe6fe5defbacb8e419af9d39fd758fa3e12c852f88e20484a88fe7d47cc889d26454699
SSDEEP

24576:E6qsgabtl9T8Nx6AQ8DSoRPm/Rwn4o60OegX7Aozptl72NkoV:is9bnuNzv+DenO0Ervzd2Nkw

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2400	2628	porn.exe	31
PID 2628 wrote to memory of 2400	2628	porn.exe	31
PID 2628 wrote to memory of 2400	2628	porn.exe	31
PID 2400 wrote to memory of 2460	2400	cmd.exe	33
PID 2400 wrote to memory of 2460	2400	cmd.exe	33
PID 2400 wrote to memory of 2460	2400	cmd.exe	33
PID 2400 wrote to memory of 2296	2400	cmd.exe	34
PID 2400 wrote to memory of 2296	2400	cmd.exe	34
PID 2400 wrote to memory of 2296	2400	cmd.exe	34
PID 2400 wrote to memory of 2484	2400	cmd.exe	35
PID 2400 wrote to memory of 2484	2400	cmd.exe	35
PID 2400 wrote to memory of 2484	2400	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\porn.exe
"C:\Users\Admin\AppData\Local\Temp\porn.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\porn.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\porn.exe" MD5
    3⤵
    PID:2460
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:2296
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:2484