8e1bbf2e50308978e9f1e82e754a0e9a0621cf2d598eeee96fc4bb1058a22ba7

Analysis

max time kernel
172s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:04

Target

8e1bbf2e50308978e9f1e82e754a0e9a0621cf2d598eeee96fc4bb1058a22ba7.exe
Size

308KB
MD5

43ed52c5116fc2309f6a42feff05d38e
SHA1

ba115ce7246834965b6dfeba045ee16a43355b36
SHA256

8e1bbf2e50308978e9f1e82e754a0e9a0621cf2d598eeee96fc4bb1058a22ba7
SHA512

cd05ed3767aad9bad45f1f664b7b66e5c0eef594a76d4b31c392bdc663b950e2deff0698409c87fec4f32500dcc67dfafbc91be5321a6323ce4e9af1c44c8b93
SSDEEP

6144:b2wGdz4O+IJa/t7y4UQ/xlMfZFjNmsHVtj3V2pHG:b2wGdzBm1SZFjNh1xVuH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

8e1bbf2e50308978e9f1e82e754a0e9a0621cf2d598eeee96fc4bb1058a22ba7.exe

description	pid	process	target process
PID 5100 wrote to memory of 4168	5100	8e1bbf2e50308978e9f1e82e754a0e9a0621cf2d598eeee96fc4bb1058a22ba7.exe	cmd.exe
PID 5100 wrote to memory of 4168	5100	8e1bbf2e50308978e9f1e82e754a0e9a0621cf2d598eeee96fc4bb1058a22ba7.exe	cmd.exe
PID 5100 wrote to memory of 4168	5100	8e1bbf2e50308978e9f1e82e754a0e9a0621cf2d598eeee96fc4bb1058a22ba7.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\8e1bbf2e50308978e9f1e82e754a0e9a0621cf2d598eeee96fc4bb1058a22ba7.exe
"C:\Users\Admin\AppData\Local\Temp\8e1bbf2e50308978e9f1e82e754a0e9a0621cf2d598eeee96fc4bb1058a22ba7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5100

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\GO.DATA
2⤵
PID:4168