37a6799876d2d46cfe916759d6a908368ea2506b116b7f88fbbaeb31e6d22fe5

Analysis

max time kernel
39s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 14:52

Target

37a6799876d2d46cfe916759d6a908368ea2506b116b7f88fbbaeb31e6d22fe5.exe
Size

252KB
MD5

6cd28b1633908b4730531db52fe4b340
SHA1

1e4b5271fb030525bb6d151035ff058e45974886
SHA256

37a6799876d2d46cfe916759d6a908368ea2506b116b7f88fbbaeb31e6d22fe5
SHA512

aa7e8281d0a22159ba0d999d76fab5d185179548bfbc2372465dfec577cfc6996949fc274d5086ddea41c8868ef2ea21c24efaeca05d4027e775cc6f0ff8fe28
SSDEEP

6144:z+273aul8PvZBzjyiSG/cdBdAzMz5tR919wxCYTadtLTg:V7q48nnCiSGMv/ba3Tac

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 1744	804	37a6799876d2d46cfe916759d6a908368ea2506b116b7f88fbbaeb31e6d22fe5.exe	28
PID 804 wrote to memory of 1744	804	37a6799876d2d46cfe916759d6a908368ea2506b116b7f88fbbaeb31e6d22fe5.exe	28
PID 804 wrote to memory of 1744	804	37a6799876d2d46cfe916759d6a908368ea2506b116b7f88fbbaeb31e6d22fe5.exe	28

C:\Users\Admin\AppData\Local\Temp\37a6799876d2d46cfe916759d6a908368ea2506b116b7f88fbbaeb31e6d22fe5.exe
"C:\Users\Admin\AppData\Local\Temp\37a6799876d2d46cfe916759d6a908368ea2506b116b7f88fbbaeb31e6d22fe5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 352
  2⤵
  PID:1744

memory/1744-55-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

Filesize
8KB

Download