32e879679aa646eefd91e10f1dbb5fa457db7f8e3b09302d155784a71edd7351

Analysis

max time kernel
5s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 06:50

Target

32e879679aa646eefd91e10f1dbb5fa457db7f8e3b09302d155784a71edd7351.exe
Size

186KB
MD5

2f84a7a57f0a70c9910c5309e3bc0d4e
SHA1

ccf00ad1f9ed28cc8f38441976e8bac08eba22b7
SHA256

32e879679aa646eefd91e10f1dbb5fa457db7f8e3b09302d155784a71edd7351
SHA512

6de73f7ef0a00a7c6146d53c61d6a6da5d9eb3e285c57063636eaceb509cf40cfff6d9a14992df7bee6d60f4a1eaff4582d90198d62f09f755655aecec24158b
SSDEEP

768:LHpeOcK2CLMsX/gsqQXJdfA1b6WMzvY0l37GMtpiSyQ5B5ZBZT2b+OFVdk8A:LJqKumclJRI7ASyQ5trOrj

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 1948	828	32e879679aa646eefd91e10f1dbb5fa457db7f8e3b09302d155784a71edd7351.exe	28
PID 828 wrote to memory of 1948	828	32e879679aa646eefd91e10f1dbb5fa457db7f8e3b09302d155784a71edd7351.exe	28
PID 828 wrote to memory of 1948	828	32e879679aa646eefd91e10f1dbb5fa457db7f8e3b09302d155784a71edd7351.exe	28
PID 828 wrote to memory of 1948	828	32e879679aa646eefd91e10f1dbb5fa457db7f8e3b09302d155784a71edd7351.exe	28

C:\Users\Admin\AppData\Local\Temp\32e879679aa646eefd91e10f1dbb5fa457db7f8e3b09302d155784a71edd7351.exe
"C:\Users\Admin\AppData\Local\Temp\32e879679aa646eefd91e10f1dbb5fa457db7f8e3b09302d155784a71edd7351.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 428
  2⤵
  PID:1948

memory/828-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download
memory/828-55-0x0000000074240000-0x00000000747EB000-memory.dmp

Filesize
5.7MB

Download