2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 23:15

Target

2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe
Size

147KB
MD5

906f25620ee0c9b1adf6d7d19ad69342
SHA1

7a28d79828e7c4290467d51ca97286f6d2c8844a
SHA256

2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69
SHA512

db87a895a4bf48ff5c69f3ddec04fe6cc3007313eb33410e0db29085a38c9ca993a3bccfb01a412609866caf11d3aab9a563f128922fb1e05cb8f0e544fdf0b5
SSDEEP

3072:FCU60GyFMuLuY/vtFimz6hdi9ai2y4TT4XRnMN0CGtBluoguCXBs:FC5huLVcmz6kai2yS4XRnQ0rtmo

Score

1^/10

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1172	1976	2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe	26
PID 1976 wrote to memory of 1172	1976	2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe	26
PID 1976 wrote to memory of 1172	1976	2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe	26
PID 1976 wrote to memory of 1172	1976	2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe	26
PID 1172 wrote to memory of 1192	1172	net.exe	28
PID 1172 wrote to memory of 1192	1172	net.exe	28
PID 1172 wrote to memory of 1192	1172	net.exe	28
PID 1172 wrote to memory of 1192	1172	net.exe	28
PID 1976 wrote to memory of 616	1976	2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe	29
PID 1976 wrote to memory of 616	1976	2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe	29
PID 1976 wrote to memory of 616	1976	2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe	29
PID 1976 wrote to memory of 616	1976	2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe	29
PID 616 wrote to memory of 1108	616	net.exe	31
PID 616 wrote to memory of 1108	616	net.exe	31
PID 616 wrote to memory of 1108	616	net.exe	31
PID 616 wrote to memory of 1108	616	net.exe	31

C:\Users\Admin\AppData\Local\Temp\2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe
"C:\Users\Admin\AppData\Local\Temp\2df116b86632f277ba7291383760243813b3fe86e3cb7d67a48fec0f552c4f69.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\net.exe
  net stop wscsvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1172
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop wscsvc
    3⤵
    PID:1192
- C:\Windows\SysWOW64\net.exe
  net stop SharedAccess
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:616
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop SharedAccess
    3⤵
    PID:1108

memory/1976-54-0x0000000001E60000-0x0000000001EB1000-memory.dmp

Filesize
324KB

Download
memory/1976-55-0x00000000762B1000-0x00000000762B3000-memory.dmp

Filesize
8KB

Download
memory/1976-57-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/1976-58-0x0000000001E60000-0x0000000001EB1000-memory.dmp

Filesize
324KB

Download
memory/1976-62-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download