7fe95a5bfa038a6afaae222d79d552d1157a9bf22d6d368ec5f9b6dc48f84184

Analysis

max time kernel
164s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 13:58

Target

7fe95a5bfa038a6afaae222d79d552d1157a9bf22d6d368ec5f9b6dc48f84184.exe
Size

16KB
MD5

12b6e8574ca78a671af19e223b8558d7
SHA1

dd94c9cf37d7318e2b05ad22a1c988164437ae32
SHA256

7fe95a5bfa038a6afaae222d79d552d1157a9bf22d6d368ec5f9b6dc48f84184
SHA512

6422259cdbf353046280ce7d485a7d59af6f965fca971a662be89599591bdc92e2905fc754466ec34e800b49360d837eff90cb2ff68d9f93336ed65e2fecc1af
SSDEEP

96:CXTacedhER/uEq8zH1gWxq2sjq+ArVkxeUIjTT8jtPtboynwEzhL:8aceL8Q8ZgWbFiLUTiP1oynwgL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4800	4900	7fe95a5bfa038a6afaae222d79d552d1157a9bf22d6d368ec5f9b6dc48f84184.exe	79
PID 4900 wrote to memory of 4800	4900	7fe95a5bfa038a6afaae222d79d552d1157a9bf22d6d368ec5f9b6dc48f84184.exe	79
PID 4900 wrote to memory of 4800	4900	7fe95a5bfa038a6afaae222d79d552d1157a9bf22d6d368ec5f9b6dc48f84184.exe	79

C:\Users\Admin\AppData\Local\Temp\7fe95a5bfa038a6afaae222d79d552d1157a9bf22d6d368ec5f9b6dc48f84184.exe
"C:\Users\Admin\AppData\Local\Temp\7fe95a5bfa038a6afaae222d79d552d1157a9bf22d6d368ec5f9b6dc48f84184.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\\del_temp.bat
  2⤵
  PID:4800

C:\Users\Admin\AppData\Local\Temp\del_temp.bat

Filesize
246B

MD5
2fe77144cc3a727e716f5d7ebee5c2fd

SHA1
a205dde654f6375ac7de8c9082aa9f739bca3b36

SHA256
3921958319447e2a43a2544ce33eaf52fe67aba2e8c770ac2b23ae68e5b5be3f

SHA512
221fb464d574a16ddeeb1762983e1e801f34cc0cace753db906e778b7a8a49e5ca5d62d32fab7947c676f0e37ce0f1c44209cfa9d87306a2530c8b141833d5ef

Download Submit
memory/4800-132-0x0000000000000000-mapping.dmp

Download