8e9e04b4a6e427871eae03992316ffdeecb35665ecd9ae184a413d36c230bd47

Resubmissions

04/09/2024, 18:51

max time kernel
93s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/09/2024, 18:51

Target

silence-workspace.exe
Size

1.5MB
MD5

4a2adc26ea67a3487a8ca01eee7450b6
SHA1

aa40428a4ae8fcfd428a68f11a243172a8310f12
SHA256

8e9e04b4a6e427871eae03992316ffdeecb35665ecd9ae184a413d36c230bd47
SHA512

7c91ed17a0c86e7aea4d65303ae2ba1b082f191f1b1c6593a7ac84b7f636a10db2902204f0f44d7450b0431b00b812c911590ec13f3a37910b76f988d0cf2651
SSDEEP

24576:rL9CRubQyo56XR5PlApBov42LTOkJaKBQwCCeF/JMDhboUY8da0VKxy:ucQyo5C5NgD2SkQwClrMboUpa0L

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 4960	5092	silence-workspace.exe	81
PID 5092 wrote to memory of 4960	5092	silence-workspace.exe	81
PID 4960 wrote to memory of 4972	4960	cmd.exe	82
PID 4960 wrote to memory of 4972	4960	cmd.exe	82
PID 4960 wrote to memory of 2984	4960	cmd.exe	83
PID 4960 wrote to memory of 2984	4960	cmd.exe	83
PID 4960 wrote to memory of 2616	4960	cmd.exe	84
PID 4960 wrote to memory of 2616	4960	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\silence-workspace.exe
"C:\Users\Admin\AppData\Local\Temp\silence-workspace.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\silence-workspace.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4960
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\silence-workspace.exe" MD5
    3⤵
    PID:4972
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:2984
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:2616