baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3

Analysis

max time kernel
163s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 06:30

Target

baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe
Size

295KB
MD5

0a4d5738e692a0363b12234f94764d40
SHA1

11d92b8d5849ab43f690b66e9e9d437dd8c57502
SHA256

baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3
SHA512

7ef23744a9e1b4b61d2a99b4e48e0604d6488ade46cd3fc0894e6778dd650cf144031ebf20dcce8e094ba6493f3f6c0b6be219a9aed424532210c5b6f0d8dd10
SSDEEP

6144:LZseRKeNh85jUHw9KNns+d+Xf1UMnda0ggZ:dbKeNW/ysY2UklZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 4624	948	baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe	79
PID 948 wrote to memory of 4624	948	baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe	79
PID 948 wrote to memory of 4624	948	baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe	79

C:\Users\Admin\AppData\Local\Temp\baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe
"C:\Users\Admin\AppData\Local\Temp\baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Users\Admin\AppData\Local\Temp\baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe
  tear
  2⤵
  PID:4624

memory/948-132-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/948-134-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/4624-135-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/4624-136-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download