56eaeb544a5b324a1b498dc1839a346277ea0ba6840f6d5ceb898b823f14d2d5

Analysis

max time kernel
102s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:12

Target

72f303c6485d038f4cfbf6150660f36e3de8818fe65d3451573dd1f8722ec11a.exe
Size

68.0MB
MD5

301ab254348c4beb03c43663c51b8c8b
SHA1

e6c668de0c643232b01c86fd8060ea2caacfca99
SHA256

72f303c6485d038f4cfbf6150660f36e3de8818fe65d3451573dd1f8722ec11a
SHA512

8d8c39a1280683c1d05d71f8c49bd22679463ffa64ecbd60319832d3de6e209473d748d72a81e0cb2a5d71823ea70c9edd273afb488ab9a625222483914ad46b
SSDEEP

1572864:+1YnA7A8R7tqEwTDYKJbQ0JxcgjnrUBOO8CPOLJreZq+hhXcI:+10A7B+DYKJbndjnoH8MhhXcI

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4244	svqyv4ey.exe

Delays execution with timeout.exe 1 IoCs

defense_evasion

pid	Process
3520	timeout.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2280	2184	72f303c6485d038f4cfbf6150660f36e3de8818fe65d3451573dd1f8722ec11a.exe	88
PID 2184 wrote to memory of 2280	2184	72f303c6485d038f4cfbf6150660f36e3de8818fe65d3451573dd1f8722ec11a.exe	88
PID 2280 wrote to memory of 3520	2280	cmd.exe	90
PID 2280 wrote to memory of 3520	2280	cmd.exe	90
PID 2280 wrote to memory of 4244	2280	cmd.exe	91
PID 2280 wrote to memory of 4244	2280	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\72f303c6485d038f4cfbf6150660f36e3de8818fe65d3451573dd1f8722ec11a.exe
"C:\Users\Admin\AppData\Local\Temp\72f303c6485d038f4cfbf6150660f36e3de8818fe65d3451573dd1f8722ec11a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp7DEA.tmp.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Windows\system32\timeout.exe
    timeout 4
    3⤵
    - Delays execution with timeout.exe
    PID:3520
- - C:\ProgramData\Infrastructure protection\svqyv4ey.exe
    "C:\ProgramData\Infrastructure protection\svqyv4ey.exe"
    3⤵
    - Executes dropped EXE
    PID:4244

C:\Users\Admin\AppData\Local\Temp\tmp7DEA.tmp.bat

Filesize
353B

MD5
cd0cc13794f00d4b7f54318b038b0d75

SHA1
c2563427654cf6974b3d29b50e92ad6c5249d337

SHA256
5fc21046c5ec15fca2fdcd00885956462a5a4907e29b131a329945bd2e211dad

SHA512
7744ff9cc1a8bb38e44dbb04f155234a1a0c07a8404a34fd0644525711e4b4ff5fcbb32ac235d878699741f7d62cbcdfa2e6014ecb21e787e626aa425a3ecc27

Download Submit
memory/2184-1-0x0000000000720000-0x0000000000728000-memory.dmp

Filesize
32KB

Download
memory/2184-0-0x00007FFF4E0B3000-0x00007FFF4E0B5000-memory.dmp

Filesize
8KB

Download
memory/4244-10-0x00007FFF4D850000-0x00007FFF4E311000-memory.dmp

Filesize
10.8MB

Download
memory/4244-11-0x00007FFF4D850000-0x00007FFF4E311000-memory.dmp

Filesize
10.8MB

Download