b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554

Analysis

max time kernel
91s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2022, 02:03

Target

b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe
Size

518KB
MD5

8ec9a1d4ef3508c1bb7c6bd171d10fc6
SHA1

83996f364ad6e35a83c89c668d11a18981e40c12
SHA256

b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554
SHA512

8f8df13561b7cb965cbdb73d25efd7a8c9f0c1ebade07b63d5cb394405789bec11502914aac4f2e3424df8adfe00aad10b0795edd5164f5643626f49e9286c4f
SSDEEP

12288:e1EA52NW/i+saC4J36HlRqkKhRzo/wYYlLPt5oKnWq3HDb:wRr/rdC9HlR8hK0lLPt5/Wq

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 4700	2200	b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe	80
PID 2200 wrote to memory of 4700	2200	b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe	80
PID 2200 wrote to memory of 4700	2200	b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe	80
PID 2200 wrote to memory of 5076	2200	b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe	81
PID 2200 wrote to memory of 5076	2200	b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe	81
PID 2200 wrote to memory of 5076	2200	b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe	81

C:\Users\Admin\AppData\Local\Temp\b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe
"C:\Users\Admin\AppData\Local\Temp\b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe
  start
  2⤵
  PID:4700
- C:\Users\Admin\AppData\Local\Temp\b81fcd5be14384b6df156cfa2cd19758496f88f1bbff16227a43a5033fdce554.exe
  watch
  2⤵
  PID:5076

memory/2200-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2200-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4700-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4700-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4700-140-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/5076-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/5076-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/5076-141-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download