081a548f84f6fedd4c35ba42f268783531643b3e534b59198f4e5f6d7d7a09f9

Analysis

max time kernel
34s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 16:23

Target

081a548f84f6fedd4c35ba42f268783531643b3e534b59198f4e5f6d7d7a09f9.exe
Size

94KB
MD5

915f2b5aeab85874ee1e9b59dc8b4090
SHA1

6953d7695bc9844c03ec3c4ff3266199d8bb6bd2
SHA256

081a548f84f6fedd4c35ba42f268783531643b3e534b59198f4e5f6d7d7a09f9
SHA512

048393440e64ad1f2128dc69e7584514d6eb3e747929b2a2efd82b4bdc6bd5ef7a07bbd413ad5df2d30432d7a4eb81d1b8ec2d308d14ce3133b22b0187091454
SSDEEP

1536:esbdy+wOUZe8KpNvpd0hpUiPGR2dZl8HDouq2jXb0R9oiil8LgBiCfDogAI9BToq:eqBwOUpWDdpiPfcj7njXyrtsBiGDGIXz

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1992	900	081a548f84f6fedd4c35ba42f268783531643b3e534b59198f4e5f6d7d7a09f9.exe	27
PID 900 wrote to memory of 1992	900	081a548f84f6fedd4c35ba42f268783531643b3e534b59198f4e5f6d7d7a09f9.exe	27
PID 900 wrote to memory of 1992	900	081a548f84f6fedd4c35ba42f268783531643b3e534b59198f4e5f6d7d7a09f9.exe	27
PID 900 wrote to memory of 1992	900	081a548f84f6fedd4c35ba42f268783531643b3e534b59198f4e5f6d7d7a09f9.exe	27

C:\Users\Admin\AppData\Local\Temp\081a548f84f6fedd4c35ba42f268783531643b3e534b59198f4e5f6d7d7a09f9.exe
"C:\Users\Admin\AppData\Local\Temp\081a548f84f6fedd4c35ba42f268783531643b3e534b59198f4e5f6d7d7a09f9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 372
  2⤵
  PID:1992

memory/900-54-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/900-55-0x0000000074D70000-0x000000007531B000-memory.dmp

Filesize
5.7MB

Download
memory/900-58-0x0000000074D70000-0x000000007531B000-memory.dmp

Filesize
5.7MB

Download