aa02b480879101552034759d7d3865a7c1692b6d17dbda45631c24c1acf6d487

Analysis

max time kernel
62s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 23:10 UTC

Target

aa02b480879101552034759d7d3865a7c1692b6d17dbda45631c24c1acf6d487.exe
Size

119KB
MD5

6fdecd844b9dffee3856cef1b939e7c0
SHA1

0f3ad1d6242d8586e937e2ebadb079b7fe345018
SHA256

aa02b480879101552034759d7d3865a7c1692b6d17dbda45631c24c1acf6d487
SHA512

de66cf28ddee8eaee7de052e96c39f530c5eca3e785cf74a7a9020cb84107b122470363fc8de9ef90bf9418959af68fe53495b5952cfaab9e6493e76776ff017
SSDEEP

1536:E6p22GP/zOcLDZgTe6Ly63NmLVc0OX94uko2+Nz7kdSUxfnxN4zUd9Nc:ZpIPLOcXaTlwc0Ot4ujxtMzSk0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1744	1720	aa02b480879101552034759d7d3865a7c1692b6d17dbda45631c24c1acf6d487.exe	27
PID 1720 wrote to memory of 1744	1720	aa02b480879101552034759d7d3865a7c1692b6d17dbda45631c24c1acf6d487.exe	27
PID 1720 wrote to memory of 1744	1720	aa02b480879101552034759d7d3865a7c1692b6d17dbda45631c24c1acf6d487.exe	27

C:\Users\Admin\AppData\Local\Temp\aa02b480879101552034759d7d3865a7c1692b6d17dbda45631c24c1acf6d487.exe
"C:\Users\Admin\AppData\Local\Temp\aa02b480879101552034759d7d3865a7c1692b6d17dbda45631c24c1acf6d487.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 416
  2⤵
  PID:1744

memory/1720-54-0x000007FEF4430000-0x000007FEF4E53000-memory.dmp

Filesize
10.1MB

Download
memory/1720-55-0x000007FEF3390000-0x000007FEF4426000-memory.dmp

Filesize
16.6MB

Download
memory/1744-57-0x000007FEFBE61000-0x000007FEFBE63000-memory.dmp

Filesize
8KB

Download