cefa12803b7cc26ef06e2d2a51257a3e3fd3766b3597c3b7189bc1427edb4bfb

Analysis

max time kernel
8s
max time network
9s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2024 14:32

Target

myst.exe
Size

2.4MB
MD5

b82a76863cdc66f920fcddac994e7c02
SHA1

d50f34a775d032027a3c3829f6bac4ba6488dc57
SHA256

cefa12803b7cc26ef06e2d2a51257a3e3fd3766b3597c3b7189bc1427edb4bfb
SHA512

42cf2285e667de746f9283a08f0b20af320c0cb660d5af6b64451971118d183d78281e2a10073505ac0df25afb33d6bb669ccc4746e05da01376748f63c8e61f
SSDEEP

49152:qe1xa04Cc0LwNo0KbHLNEKJKStbmJD3pWlGQXkwnXtd0M7xWV:q28cmo/8StbmJD3pWlGQXkW0

Score

1^/10

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 3020	3692	myst.exe	85
PID 3692 wrote to memory of 3020	3692	myst.exe	85
PID 3692 wrote to memory of 1364	3692	myst.exe	86
PID 3692 wrote to memory of 1364	3692	myst.exe	86
PID 1364 wrote to memory of 2584	1364	cmd.exe	87
PID 1364 wrote to memory of 2584	1364	cmd.exe	87
PID 1364 wrote to memory of 4536	1364	cmd.exe	88
PID 1364 wrote to memory of 4536	1364	cmd.exe	88
PID 1364 wrote to memory of 4400	1364	cmd.exe	89
PID 1364 wrote to memory of 4400	1364	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\myst.exe
"C:\Users\Admin\AppData\Local\Temp\myst.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\myst.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1364
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\myst.exe" MD5
    3⤵
    PID:2584
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4536
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:4400