57be47bb3862bf31f024d9deeefaaeb4a6d7fd7742aff0b4166ee63166df7eae

Analysis

max time kernel
37s
max time network
41s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
21/09/2024, 16:50

Target

PrivacyProtectorL2k.exe
Size

750KB
MD5

4e6620ceed281c77c7e000b8b2f5adba
SHA1

c3eab179039e8df18c860adb48ac585d16a05c9e
SHA256

57be47bb3862bf31f024d9deeefaaeb4a6d7fd7742aff0b4166ee63166df7eae
SHA512

6efaf57751612c004b1d7759dfc3dda325cd080b3fae449e39c3c77419cf4c2e1226f9f95d9f322096a397ea61df798c1e9376dd7914efa9e608825fa80078a3
SSDEEP

12288:RISwLYeb4DTBXSN6Mk3bd1WaHZ9ZU0nTlSbjTmwi+q5nuHIE/I:aSwLYeb4DTBXS8bdIa5lnTlS3Tti/PE

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 3944	4416	PrivacyProtectorL2k.exe	71
PID 4416 wrote to memory of 3944	4416	PrivacyProtectorL2k.exe	71
PID 3944 wrote to memory of 4780	3944	cmd.exe	72
PID 3944 wrote to memory of 4780	3944	cmd.exe	72
PID 3944 wrote to memory of 4760	3944	cmd.exe	73
PID 3944 wrote to memory of 4760	3944	cmd.exe	73
PID 3944 wrote to memory of 4844	3944	cmd.exe	74
PID 3944 wrote to memory of 4844	3944	cmd.exe	74

C:\Users\Admin\AppData\Local\Temp\PrivacyProtectorL2k.exe
"C:\Users\Admin\AppData\Local\Temp\PrivacyProtectorL2k.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\PrivacyProtectorL2k.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3944
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\PrivacyProtectorL2k.exe" MD5
    3⤵
    PID:4780
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4760
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:4844