6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b

Analysis

max time kernel
150s
max time network
130s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-10-2022 03:44

Target

6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe
Size

140KB
MD5

561f9f5b5796ff0c3064f35f9e171330
SHA1

323ad72c45546ce0f14029a71401a485c6f47197
SHA256

6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b
SHA512

a18b59fd8a95b6ed811bd8389f13ce78cbec4513e713a0d0eb8699c074e2197510a184c97336ecd5bb6325207d4dfe6343e6783b642e6679cfa5106c0e6ef6ca
SSDEEP

3072:3Qx7ehVicKtZAcprCbFkSqnLOLHn+JtHnWxwQ34KC:+7eKcKtZAcpO2S5+zcvI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2032	1980	6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe	28
PID 1980 wrote to memory of 2032	1980	6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe	28
PID 1980 wrote to memory of 2032	1980	6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe	28
PID 1980 wrote to memory of 2032	1980	6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe	28
PID 1980 wrote to memory of 2032	1980	6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe	28
PID 1980 wrote to memory of 2032	1980	6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe	28
PID 1980 wrote to memory of 2032	1980	6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe	28

C:\Users\Admin\AppData\Local\Temp\6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe
"C:\Users\Admin\AppData\Local\Temp\6bc9a5ba861a1b03f2edcba3a19e2b13c023b35090c7f921fe5b60485932277b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  PID:2032

memory/1980-54-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/1980-60-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/2032-58-0x0000000000100000-0x0000000000109000-memory.dmp

Filesize
36KB

Download
memory/2032-56-0x0000000000100000-0x0000000000109000-memory.dmp

Filesize
36KB

Download
memory/2032-62-0x0000000000100000-0x0000000000109000-memory.dmp

Filesize
36KB

Download
memory/2032-61-0x0000000000550000-0x0000000000558000-memory.dmp

Filesize
32KB

Download