77f7f61665afffa4bb584b015150c9f2586ffdde1adc1ffd4da6e25e50383434

Analysis

max time kernel
7s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 14:27

Target

Maze.exe
Size

35.3MB
MD5

54eccaa5b4756f8643b1b78616b1055f
SHA1

fc3f175af7a520a6fe5d0dbdaf71470d3248b11c
SHA256

77f7f61665afffa4bb584b015150c9f2586ffdde1adc1ffd4da6e25e50383434
SHA512

84a4093c0e89e96708e8a63446a55eda71a0334cf1bb874914c6bd2c8a6168fc1647a6cbeed15aeb169c6568ae256be9cc5ef02d1892fe852757846431aa7d1b
SSDEEP

786432:T+gX4BMdhwzTQXRbFbPpYFcSS5U/LT2KRVy45S31gDACBd6MVc:dXGMK4XRhbxSCU/+Oy45SSDArMV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1476	1504	Maze.exe	26
PID 1504 wrote to memory of 1476	1504	Maze.exe	26
PID 1504 wrote to memory of 1476	1504	Maze.exe	26

C:\Users\Admin\AppData\Local\Temp\Maze.exe
"C:\Users\Admin\AppData\Local\Temp\Maze.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Users\Admin\AppData\Local\Temp\Maze.exe
  "C:\Users\Admin\AppData\Local\Temp\Maze.exe"
  2⤵
  PID:1476

C:\Users\Admin\AppData\Local\Temp\_MEI15042\python39.dll

Filesize
1.4MB

MD5
087824b28c64b56ae166b3754e64579f

SHA1
ebc3e5def1c9214b3fb80352cdf06f5b65757648

SHA256
aa3d23b29de0121d080746ae161c469da7776dce90bd5e704d67752b0f5ebf5b

SHA512
bc27dc8cc08a3bb0c5de8a4cb28b8394b10a2131d2eec0502a94eba10403552f95336b0ad19618ec3da0e8dc84e8d9d9ea8b4a5c74c0caada67c7d2a32420acc

Download Submit
memory/1504-54-0x000007FEFC141000-0x000007FEFC143000-memory.dmp

Filesize
8KB

Download