f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd

Analysis

max time kernel
22s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-10-2022 17:51

Target

f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe
Size

253KB
MD5

20a3b4d6e70e3dbd30faae664ce04280
SHA1

21edc112e5891c1d7a15c5a48ed7e91660bd2922
SHA256

f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd
SHA512

d07602e1cf482e2c7d582c4c2d31c47e8bf52956175030bf88777f258680aee2ba25f0db9761897040dd5ee428a1180219ee02c74dbaccca46acc3e7827a47f0
SSDEEP

6144:kqvag7seJgTObmLbR9JWJWRJYJAqE7yQz:kqSeJgT3RvE+Yy+

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe

description	pid	process	target process
PID 1724 wrote to memory of 1292	1724	f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe	dw20.exe
PID 1724 wrote to memory of 1292	1724	f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe	dw20.exe
PID 1724 wrote to memory of 1292	1724	f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe	dw20.exe
PID 1724 wrote to memory of 1292	1724	f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe
"C:\Users\Admin\AppData\Local\Temp\f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 776
  2⤵
  PID:1292

memory/1292-56-0x0000000000000000-mapping.dmp

Download
memory/1724-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/1724-55-0x0000000074780000-0x0000000074D2B000-memory.dmp

Filesize
5.7MB

Download
memory/1724-58-0x0000000074780000-0x0000000074D2B000-memory.dmp

Filesize
5.7MB

Download