be0b623ffb679efa4b1f1174a00504e5c340fd15d6ca3c9a5aabadd5eba345b2

Analysis

max time kernel
111s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 05:40

Target

be0b623ffb679efa4b1f1174a00504e5c340fd15d6ca3c9a5aabadd5eba345b2.exe
Size

1.1MB
MD5

5140bade5f757ccabb8936da289e78d0
SHA1

c3fd78c103e9e204397781e391d81f872b19590f
SHA256

be0b623ffb679efa4b1f1174a00504e5c340fd15d6ca3c9a5aabadd5eba345b2
SHA512

70c267edc1d77eb20c96994180f68410feed3d2eb7de2ed1644dee0a179f196bded5a188ceb4436d49e07dacad7ca17b54c16a7c2bfc966a9553d60761c03450
SSDEEP

12288:QklM+toC7y22GUHs/4b29CdotMhF3Z4mxxynUqGGGkYThd5UcOI/9iDMlDd/:QklV76hs/tGQmX2UVGGk6PrOI/8DMlD

Score

4^/10

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\FieleWay.txt	be0b623ffb679efa4b1f1174a00504e5c340fd15d6ca3c9a5aabadd5eba345b2.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 1292	4796	be0b623ffb679efa4b1f1174a00504e5c340fd15d6ca3c9a5aabadd5eba345b2.exe	82
PID 4796 wrote to memory of 1292	4796	be0b623ffb679efa4b1f1174a00504e5c340fd15d6ca3c9a5aabadd5eba345b2.exe	82

C:\Users\Admin\AppData\Local\Temp\be0b623ffb679efa4b1f1174a00504e5c340fd15d6ca3c9a5aabadd5eba345b2.exe
"C:\Users\Admin\AppData\Local\Temp\be0b623ffb679efa4b1f1174a00504e5c340fd15d6ca3c9a5aabadd5eba345b2.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4796
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  PID:1292

memory/4796-132-0x0000000000B90000-0x0000000000BE4000-memory.dmp

Filesize
336KB

Download