da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8

Analysis

max time kernel
8s
max time network
30s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 12:06

Target

da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8.exe
Size

123KB
MD5

6ad08b6c9cb7e4490b085420e684cecc
SHA1

8142f87edd98eda503b2198e97fe24f51d2a36c5
SHA256

da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8
SHA512

392d78ac648d25fc2aef9a54a0dae3bfb3bd89b325facac37fdb2fafede22f477c55877fcbf9cc2d41122a4884d9b751ed0dfc9d6d6973913e684024eed9b71e
SSDEEP

3072:uUftjxUtuQAePyw5KxPGwgRLUkb4ZMZH:uIdXQ/Pyw5u7gRLUk8ZMZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 4696	1596	da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8.exe	80
PID 1596 wrote to memory of 4696	1596	da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8.exe	80
PID 1596 wrote to memory of 4696	1596	da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8.exe	80

C:\Users\Admin\AppData\Local\Temp\da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8.exe
"C:\Users\Admin\AppData\Local\Temp\da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Users\Admin\AppData\Local\Temp\da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8.exe
  "C:\Users\Admin\AppData\Local\Temp\da0896b661bc8006bbb25c9f9b7f7e02cd17066085b81a7a9a2e74f7b22a8fc8.exe"
  2⤵
  PID:4696

memory/1596-132-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download