c0f803dcf3b84711a55eb1323083262db3568b22b0f4addda86d8a522daa14bd

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 08:10

Target

c0f803dcf3b84711a55eb1323083262db3568b22b0f4addda86d8a522daa14bd.exe
Size

305KB
MD5

8011c2d991c0b502905e65a1189270b9
SHA1

2d7a9ed5924a153dc7a39733f33b0e4f948c8819
SHA256

c0f803dcf3b84711a55eb1323083262db3568b22b0f4addda86d8a522daa14bd
SHA512

280e270b74c05b6b4da29a24105524a249ff946727eab29ee5c48fd731773bf5301791b7898c86d68cd2c75a2771a5a05735955466181f26a472d3bc44cd02fd
SSDEEP

3072:qYNl2Rqy2CQY/fEXfERUIk93AH/diSiL96Led5oc0o8HnDchkiXMFOps7E1aQfYe:xNlw2CDuksShLUofHHDchktEaXipndJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 1120	1464	c0f803dcf3b84711a55eb1323083262db3568b22b0f4addda86d8a522daa14bd.exe	27
PID 1464 wrote to memory of 1120	1464	c0f803dcf3b84711a55eb1323083262db3568b22b0f4addda86d8a522daa14bd.exe	27
PID 1464 wrote to memory of 1120	1464	c0f803dcf3b84711a55eb1323083262db3568b22b0f4addda86d8a522daa14bd.exe	27

C:\Users\Admin\AppData\Local\Temp\c0f803dcf3b84711a55eb1323083262db3568b22b0f4addda86d8a522daa14bd.exe
"C:\Users\Admin\AppData\Local\Temp\c0f803dcf3b84711a55eb1323083262db3568b22b0f4addda86d8a522daa14bd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 420
  2⤵
  PID:1120

memory/1120-57-0x000007FEFB9E1000-0x000007FEFB9E3000-memory.dmp

Filesize
8KB

Download
memory/1464-54-0x000007FEF3FC0000-0x000007FEF49E3000-memory.dmp

Filesize
10.1MB

Download
memory/1464-55-0x000007FEF2870000-0x000007FEF3906000-memory.dmp

Filesize
16.6MB

Download