ffefd0c9627f34d5d6b32b3c09c44213e7ba44b007ce91c5153a27c37ed1bdc9

Analysis

max time kernel
34s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 15:18

Target

ffefd0c9627f34d5d6b32b3c09c44213e7ba44b007ce91c5153a27c37ed1bdc9.exe
Size

42KB
MD5

64fbc53d170212a7afe5caf13d4d9b93
SHA1

e2e73dd7a095cd60f3c128c1b36d0e7f7351cc49
SHA256

ffefd0c9627f34d5d6b32b3c09c44213e7ba44b007ce91c5153a27c37ed1bdc9
SHA512

1af271dc66c9cbb2e0868f9742dc75d63695e9263524c2f2d53a1af356244dffe245faf311b4c967ed362f0407f12f89e3d2c0821c98716f73d5018001b629cb
SSDEEP

768:P6l7DDTBeid/TeiZRVWRBwkXno0L7UTLuSn1UDe:SltXkXo8UTaSGe

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1672	ffefd0c9627f34d5d6b32b3c09c44213e7ba44b007ce91c5153a27c37ed1bdc9.exe
1672	ffefd0c9627f34d5d6b32b3c09c44213e7ba44b007ce91c5153a27c37ed1bdc9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1260	1672	ffefd0c9627f34d5d6b32b3c09c44213e7ba44b007ce91c5153a27c37ed1bdc9.exe	14
PID 1672 wrote to memory of 1260	1672	ffefd0c9627f34d5d6b32b3c09c44213e7ba44b007ce91c5153a27c37ed1bdc9.exe	14
PID 1672 wrote to memory of 1260	1672	ffefd0c9627f34d5d6b32b3c09c44213e7ba44b007ce91c5153a27c37ed1bdc9.exe	14
PID 1672 wrote to memory of 1260	1672	ffefd0c9627f34d5d6b32b3c09c44213e7ba44b007ce91c5153a27c37ed1bdc9.exe	14

memory/1260-56-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1672-54-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1672-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download
memory/1672-59-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1672-60-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download