fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc

Analysis

max time kernel
104s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2022, 01:51

Target

fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe
Size

522KB
MD5

9894cba77102478b774cfc84af051051
SHA1

98570fbae030a99366a59d2e4a54fcaf67ae1bb7
SHA256

fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc
SHA512

b8ad810ae90af93ed78dff1e0646a63fa993dbe90de581502058e76d99cfe66cc5eaba6869360ecea04f45424e7962fcae69596787496e056e5dfbbca06d32a8
SSDEEP

6144:T0DM8msJduB1MfRXPEwH4+CxQEJUvqrIuIVCJgIO+0m8OsAP9jcumQy1CrxQqD92:YLTdaQXA+CxTUVWlhAmy18xQqpx8O5/

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 1752	5000	fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe	84
PID 5000 wrote to memory of 1752	5000	fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe	84
PID 5000 wrote to memory of 1752	5000	fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe	84
PID 5000 wrote to memory of 1608	5000	fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe	85
PID 5000 wrote to memory of 1608	5000	fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe	85
PID 5000 wrote to memory of 1608	5000	fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe	85

C:\Users\Admin\AppData\Local\Temp\fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe
"C:\Users\Admin\AppData\Local\Temp\fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Users\Admin\AppData\Local\Temp\fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe
  start
  2⤵
  PID:1752
- C:\Users\Admin\AppData\Local\Temp\fe7fefc5e9686871028eb778dcd7806ef8f68c44d42cda57c1a984da593a8dfc.exe
  watch
  2⤵
  PID:1608

memory/1608-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1608-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1608-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1752-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1752-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1752-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5000-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5000-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download