f7cfec221ccb1e319d737b85bb03288da3f4f3d86837d49f8304cdbf5111025f

Analysis

max time kernel
231s
max time network
215s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-09-2024 06:46

Target

XPLOR V2.2/XPLOR V2.2.exe
Size

49KB
MD5

5c9f7c1266f93ee6e2dd1ed69903619e
SHA1

d4422086f0d650d080d6eff57d3b32761ad8121e
SHA256

b3089a382c397328b4218ec4a6984f0d2637da6cd7458c5802559581630a2bac
SHA512

039110d8e3d72f8a7530f4133b6fcfaa2f822d6e05a762c3516432e4197908b8f5c4e7f51d2676e8ad454628b846d1c76f83d1718cf6eb82b8282d0c5f825ca5
SSDEEP

768:a2+5PAMN+BZvPHRMyqHHakNDfCa88YsXRKLxmwfgkqwZJsTMQSk:a2AApmyqHHakNDs8YSULxmw40iM3

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 1936	2056	XPLOR V2.2.exe	81
PID 2056 wrote to memory of 1936	2056	XPLOR V2.2.exe	81
PID 1936 wrote to memory of 1928	1936	cmd.exe	82
PID 1936 wrote to memory of 1928	1936	cmd.exe	82
PID 2056 wrote to memory of 2820	2056	XPLOR V2.2.exe	83
PID 2056 wrote to memory of 2820	2056	XPLOR V2.2.exe	83
PID 2056 wrote to memory of 4100	2056	XPLOR V2.2.exe	85
PID 2056 wrote to memory of 4100	2056	XPLOR V2.2.exe	85

C:\Users\Admin\AppData\Local\Temp\XPLOR V2.2\XPLOR V2.2.exe
"C:\Users\Admin\AppData\Local\Temp\XPLOR V2.2\XPLOR V2.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c chcp 65001 > nul
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:1928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4100