37f96b32d050dadcc930a639eba68e1ccd57ed5c04a5f77dfca908f01905a4c5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 09:02

Target

goodbyedpi-0.2.3rc3-2/1_russia_blacklist_YOUTUBE.cmd
Size

420B
MD5

55e68f566514148bcf844524b4e99041
SHA1

8b1d5715cf9a1513b6db9d74270b20266c047c9e
SHA256

2712d7700e2f3217e826412a5a773487f08a41451849722ffaa08841b8684496
SHA512

075cd6dbe158028bbc315591c69a9554c80dd50c510457f802e5f4f1b34104eefb1113f165061c21c07fecb70bd0d8e7170a97aa3e08107a98eead2b2f7473f0

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 4192	2780	cmd.exe	84
PID 2780 wrote to memory of 4192	2780	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\goodbyedpi-0.2.3rc3-2\1_russia_blacklist_YOUTUBE.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Users\Admin\AppData\Local\Temp\goodbyedpi-0.2.3rc3-2\x86_64\goodbyedpi.exe
  goodbyedpi.exe -9 --fake-gen 5 --fake-from-hex 160301FFFF01FFFFFF0303594F5552204144564552544953454D454E542048455245202D202431302F6D6F000000000009000000050003000000 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
  2⤵
  PID:4192

memory/4192-0-0x00007FF7C6580000-0x00007FF7C65A2000-memory.dmp

Filesize
136KB

Download
memory/4192-1-0x0000000062800000-0x0000000062813000-memory.dmp

Filesize
76KB

Download
memory/4192-2-0x00007FF7C6580000-0x00007FF7C65A2000-memory.dmp

Filesize
136KB

Download