6cc53e5936919f1fa448e682799c62cc05b2183e4df9bddd49d3f8bc0405cf19

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 07:32

Target

6cc53e5936919f1fa448e682799c62cc05b2183e4df9bddd49d3f8bc0405cf19.exe
Size

102KB
MD5

5b0bbd26bfd2e067928e51dbd499c7b0
SHA1

5d2502b4999e78eb1d8179a199c84a8a9be8873f
SHA256

6cc53e5936919f1fa448e682799c62cc05b2183e4df9bddd49d3f8bc0405cf19
SHA512

c9092f3591279c7459ca1d26553cc16ca87edcfac97b7ac18639d0154de68b919d47e595b49c28177c5a72819b4c406f6c23f258aae443e72df8ac361d32c6e9
SSDEEP

3072:H7R/RBkDkRjQ6p+XlX9d9+Dw9IlWK0X78:HNfkcQ6ox9+Dw+gX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 560	308	6cc53e5936919f1fa448e682799c62cc05b2183e4df9bddd49d3f8bc0405cf19.exe	27
PID 308 wrote to memory of 560	308	6cc53e5936919f1fa448e682799c62cc05b2183e4df9bddd49d3f8bc0405cf19.exe	27
PID 308 wrote to memory of 560	308	6cc53e5936919f1fa448e682799c62cc05b2183e4df9bddd49d3f8bc0405cf19.exe	27

C:\Users\Admin\AppData\Local\Temp\6cc53e5936919f1fa448e682799c62cc05b2183e4df9bddd49d3f8bc0405cf19.exe
"C:\Users\Admin\AppData\Local\Temp\6cc53e5936919f1fa448e682799c62cc05b2183e4df9bddd49d3f8bc0405cf19.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:308
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 460
  2⤵
  PID:560

memory/308-54-0x000007FEF3C00000-0x000007FEF4623000-memory.dmp

Filesize
10.1MB

Download
memory/308-55-0x000007FEF2B60000-0x000007FEF3BF6000-memory.dmp

Filesize
16.6MB

Download
memory/560-57-0x000007FEFB651000-0x000007FEFB653000-memory.dmp

Filesize
8KB

Download