d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d

Analysis

max time kernel
142s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:52

Target

d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe
Size

522KB
MD5

a396ae755b4af6c3aa4e6f13036c3902
SHA1

2ee1a4cf093d939d17fee9b81465e932555bc7dd
SHA256

d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d
SHA512

496ba78140f213e65cb95cb3783d97e2d5ec9ab38b7aff53096bb5d838f22a9830034a0fbcca4e6f7e1ca6f04c5afe49887454e597a2abf0d07d58c242a573d8
SSDEEP

6144:rsmeim/JvtffqsLz9HRBv2bapeveEdITmHlMhjMjDj9SKRmQy1CrxQqD9RSaSz+c:Iv1tHPtObapi9dIKf9jy18xQqpx8O54

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe

description	pid	process	target process
PID 1700 wrote to memory of 888	1700	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe
PID 1700 wrote to memory of 888	1700	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe
PID 1700 wrote to memory of 888	1700	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe
PID 1700 wrote to memory of 2636	1700	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe
PID 1700 wrote to memory of 2636	1700	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe
PID 1700 wrote to memory of 2636	1700	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe	d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe

C:\Users\Admin\AppData\Local\Temp\d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe
"C:\Users\Admin\AppData\Local\Temp\d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700

C:\Users\Admin\AppData\Local\Temp\d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe
start
2⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\d9d68e1abc71d1592608f2b9a55ecea26c3c01406256791e9093f284b2c8ce4d.exe
watch
2⤵
PID:2636

memory/888-134-0x0000000000000000-mapping.dmp

Download
memory/888-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/888-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/888-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1700-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1700-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2636-133-0x0000000000000000-mapping.dmp

Download
memory/2636-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2636-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2636-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download