a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e

Analysis

max time kernel
47s
max time network
53s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:10

Target

a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe
Size

530KB
MD5

47792b3f9a6db407c4ec954f1674811f
SHA1

e34774173a582b5b1efed037db4274b84d993f08
SHA256

a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e
SHA512

c047c72dae899f0832a5659b6715eddae015b9c338cfe1db72b4a884b33998c2de7f32ea0b607efa1ca022207e5494b45891b27756a1a0d805de2fdc374a5720
SSDEEP

12288:Ae3/XJ2vyo32CgvOOOv3zNGZspc1mmIFGtJaY1bF:A+fIKqOO/zsZspc1mmDtJN

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe

description	pid	process	target process
PID 1360 wrote to memory of 1216	1360	a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe	a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe
PID 1360 wrote to memory of 1216	1360	a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe	a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe
PID 1360 wrote to memory of 1216	1360	a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe	a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe
PID 1360 wrote to memory of 1216	1360	a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe	a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe

C:\Users\Admin\AppData\Local\Temp\a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe
"C:\Users\Admin\AppData\Local\Temp\a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1360

C:\Users\Admin\AppData\Local\Temp\a92d4017e423af9a4526ab03cc73756953c7658c96c07f9d20cfa48bdec4073e.exe
tear
2⤵
PID:1216

memory/1216-55-0x0000000000000000-mapping.dmp

Download
memory/1216-58-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/1216-59-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/1360-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1360-57-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download