5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2022, 02:20

Target

5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe
Size

518KB
MD5

5fc7b1562c15b5cb93def69d2e70a9b0
SHA1

10d06f9d5d35d96906570cc13dcbf92862761dd0
SHA256

5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175
SHA512

05dd7b29ae6e5837d91b29b62cba95bb1760a7cece9a642d8b229e72846c5c9501c78e162469851c95cb6b5c36ee610d4414528f74c36aae439a160f6d45aad6
SSDEEP

12288:pkTMORt/PA4k68vEDwYYlLPt5oKnWq3tNb:j8/PA4/4lLPt5/W2

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 4480	5016	5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe	78
PID 5016 wrote to memory of 4480	5016	5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe	78
PID 5016 wrote to memory of 4480	5016	5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe	78
PID 5016 wrote to memory of 4956	5016	5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe	79
PID 5016 wrote to memory of 4956	5016	5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe	79
PID 5016 wrote to memory of 4956	5016	5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe	79

C:\Users\Admin\AppData\Local\Temp\5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe
"C:\Users\Admin\AppData\Local\Temp\5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Users\Admin\AppData\Local\Temp\5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe
  start
  2⤵
  PID:4480
- C:\Users\Admin\AppData\Local\Temp\5210be12aa280bb9f20092ff3ef1cbb449c4b33fb042c799e3c3d4177ff20175.exe
  watch
  2⤵
  PID:4956

memory/4480-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4480-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4480-140-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4956-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4956-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4956-141-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/5016-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/5016-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download