cbb74dd6e424ffafffb03e121bcacd7e31e6e47fba77363faff03e9e20d16526

Analysis

max time kernel
48s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 00:06

Target

cbb74dd6e424ffafffb03e121bcacd7e31e6e47fba77363faff03e9e20d16526.exe
Size

235KB
MD5

0c4535a6eaeab79ee4e454af1c7a4f00
SHA1

d039f85e43f3c530d8566e49bc5c4c74cf926cef
SHA256

cbb74dd6e424ffafffb03e121bcacd7e31e6e47fba77363faff03e9e20d16526
SHA512

e8afa59cde6a9b02c2093ac05fa2f2af8748b192c7e90f9cc3ede490b47bf75f4434e93743dd0f50ebe60100f901338926115cda7f637f19f076ffe7a46e46cd
SSDEEP

3072:xJXC2HSA1F3GLsQawFsGIyeBHeFuXtJuB0oy5ApmDixS2U2tt3qC:Py4SIsL5jhIyewFu9Jf35AXxS2U2P6

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1528	1328	cbb74dd6e424ffafffb03e121bcacd7e31e6e47fba77363faff03e9e20d16526.exe	27
PID 1328 wrote to memory of 1528	1328	cbb74dd6e424ffafffb03e121bcacd7e31e6e47fba77363faff03e9e20d16526.exe	27
PID 1328 wrote to memory of 1528	1328	cbb74dd6e424ffafffb03e121bcacd7e31e6e47fba77363faff03e9e20d16526.exe	27
PID 1328 wrote to memory of 1528	1328	cbb74dd6e424ffafffb03e121bcacd7e31e6e47fba77363faff03e9e20d16526.exe	27

C:\Users\Admin\AppData\Local\Temp\cbb74dd6e424ffafffb03e121bcacd7e31e6e47fba77363faff03e9e20d16526.exe
"C:\Users\Admin\AppData\Local\Temp\cbb74dd6e424ffafffb03e121bcacd7e31e6e47fba77363faff03e9e20d16526.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 452
  2⤵
  PID:1528

memory/1328-54-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/1328-57-0x00000000745E0000-0x0000000074B8B000-memory.dmp

Filesize
5.7MB

Download
memory/1328-58-0x00000000745E0000-0x0000000074B8B000-memory.dmp

Filesize
5.7MB

Download
memory/1528-55-0x0000000000000000-mapping.dmp

Download