4c50e65a56d00fc950b85f91dbc827dd8d25c3e139fb234add37e3c5ffa3a4e5

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 22:01

Target

4c50e65a56d00fc950b85f91dbc827dd8d25c3e139fb234add37e3c5ffa3a4e5.exe
Size

85KB
MD5

3304e7de85f3f47cf992f0fbf4f4c9a0
SHA1

c2cc5c954cf520a615731eae9426c9d5651ce17a
SHA256

4c50e65a56d00fc950b85f91dbc827dd8d25c3e139fb234add37e3c5ffa3a4e5
SHA512

6388877dd28a185150b85fccfc44b6304d382c45222d9a8adf0576d4f5ae3e0762c19ed83597da5ad533d48f831ed4bbda9a2076bc3473b2521ab3a70c13e4f3
SSDEEP

1536:VxEO5bwU4em3P0ZqwakO8pY3n6xAgQb5Wt5bwUZ:l5bj4eCCM8penxI5bjZ

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 1732	1208	4c50e65a56d00fc950b85f91dbc827dd8d25c3e139fb234add37e3c5ffa3a4e5.exe	27
PID 1208 wrote to memory of 1732	1208	4c50e65a56d00fc950b85f91dbc827dd8d25c3e139fb234add37e3c5ffa3a4e5.exe	27
PID 1208 wrote to memory of 1732	1208	4c50e65a56d00fc950b85f91dbc827dd8d25c3e139fb234add37e3c5ffa3a4e5.exe	27
PID 1208 wrote to memory of 1732	1208	4c50e65a56d00fc950b85f91dbc827dd8d25c3e139fb234add37e3c5ffa3a4e5.exe	27

C:\Users\Admin\AppData\Local\Temp\4c50e65a56d00fc950b85f91dbc827dd8d25c3e139fb234add37e3c5ffa3a4e5.exe
"C:\Users\Admin\AppData\Local\Temp\4c50e65a56d00fc950b85f91dbc827dd8d25c3e139fb234add37e3c5ffa3a4e5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 416
  2⤵
  PID:1732

memory/1208-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/1208-57-0x0000000074A50000-0x0000000074FFB000-memory.dmp

Filesize
5.7MB

Download
memory/1208-58-0x0000000074A50000-0x0000000074FFB000-memory.dmp

Filesize
5.7MB

Download