af389e84c891f63305d2bce410e3c74ef7c5eef596e0edbf22bc11a38e4637aa

Analysis

max time kernel
92s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2022, 01:02

Target

af389e84c891f63305d2bce410e3c74ef7c5eef596e0edbf22bc11a38e4637aa.exe
Size

20KB
MD5

9133158e9ca6559d85175506ae95fff0
SHA1

a3f88cc45890b4352c8ac85b5e5e0df0faa7b9d7
SHA256

af389e84c891f63305d2bce410e3c74ef7c5eef596e0edbf22bc11a38e4637aa
SHA512

115a483d352e04b479ab68e85733c10f4cab60e2582da920a6454581d63df9028bdb5db3658fa254daa4a4542516ce3d4ab189e0f32c1849647151c567a70218
SSDEEP

192:M7eCGJOrjDbAmy3WvX3nLPENz0MWpQGSnmxfxfP1oynMdnSr:YeCGJtp3WP+qn1KdnY

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 1236	4584	af389e84c891f63305d2bce410e3c74ef7c5eef596e0edbf22bc11a38e4637aa.exe	79
PID 4584 wrote to memory of 1236	4584	af389e84c891f63305d2bce410e3c74ef7c5eef596e0edbf22bc11a38e4637aa.exe	79
PID 4584 wrote to memory of 1236	4584	af389e84c891f63305d2bce410e3c74ef7c5eef596e0edbf22bc11a38e4637aa.exe	79
PID 1236 wrote to memory of 4596	1236	net.exe	81
PID 1236 wrote to memory of 4596	1236	net.exe	81
PID 1236 wrote to memory of 4596	1236	net.exe	81

C:\Users\Admin\AppData\Local\Temp\af389e84c891f63305d2bce410e3c74ef7c5eef596e0edbf22bc11a38e4637aa.exe
"C:\Users\Admin\AppData\Local\Temp\af389e84c891f63305d2bce410e3c74ef7c5eef596e0edbf22bc11a38e4637aa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Windows\SysWOW64\net.exe
  net start NLPSA
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1236
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 start NLPSA
    3⤵
    PID:4596