30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0

Analysis

max time kernel
175s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2022, 02:25

Target

30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe
Size

526KB
MD5

be222e6919754e312d41080fafb4a7ed
SHA1

b1da7bbf0e2079b16f8a4eb48fa8012280c235cc
SHA256

30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0
SHA512

636c95b2cc749d73694c1f8359ecc284a4182927c33f51c899d9eae6d07fb6f681ad856d26c209bffd43ae5e184d33cc720a768fc3ff3511a4b9afdf4c3c1ffe
SSDEEP

12288:vN4coXVrrKYQ8JI3gPZPIYxy18xQqpx8O56G:vmc6n48JkmZPIYxatqpx8c

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 2564	5096	30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe	82
PID 5096 wrote to memory of 2564	5096	30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe	82
PID 5096 wrote to memory of 2564	5096	30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe	82
PID 5096 wrote to memory of 3412	5096	30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe	83
PID 5096 wrote to memory of 3412	5096	30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe	83
PID 5096 wrote to memory of 3412	5096	30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe	83

C:\Users\Admin\AppData\Local\Temp\30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe
"C:\Users\Admin\AppData\Local\Temp\30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Users\Admin\AppData\Local\Temp\30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe
  start
  2⤵
  PID:2564
- C:\Users\Admin\AppData\Local\Temp\30326c22be64ec8c8c3b8588943b6699288d2149ecc378823f9937fc67f0a8e0.exe
  watch
  2⤵
  PID:3412

memory/2564-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2564-143-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2564-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2564-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3412-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3412-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3412-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3412-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3412-144-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5096-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5096-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download