c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:54

Target

c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe
Size

522KB
MD5

78451b684cd2cda2fa1ec0944fc9a250
SHA1

4ec2096b2c8e03a3fedf66bc6dd589d5b9d3f881
SHA256

c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1
SHA512

ca6bfc36342cc58b138c56d4cc7e682d8129827320afdddc8b793d845f61848ffabd1d72112b807660e4d7321365dfa0e58f2bb280beb8d39e280f532d1a1305
SSDEEP

6144:T1JyLRZhNur76wmAG8uTfR0LgZE6EumIy/XKM/4HClGmQy1CrxQqD9RSaSz+8O5I:BJuur76wNGrVoAeey18xQqpx8O5s

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe

description	pid	process	target process
PID 4828 wrote to memory of 3756	4828	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe
PID 4828 wrote to memory of 3756	4828	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe
PID 4828 wrote to memory of 3756	4828	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe
PID 4828 wrote to memory of 1904	4828	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe
PID 4828 wrote to memory of 1904	4828	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe
PID 4828 wrote to memory of 1904	4828	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe	c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe

C:\Users\Admin\AppData\Local\Temp\c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe
"C:\Users\Admin\AppData\Local\Temp\c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Users\Admin\AppData\Local\Temp\c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe
  start
  2⤵
  PID:3756
- C:\Users\Admin\AppData\Local\Temp\c90ee56f7ca795cb2d3e6d210cdda52328a0236c2a66bc708f464768909428f1.exe
  watch
  2⤵
  PID:1904

memory/1904-133-0x0000000000000000-mapping.dmp

Download
memory/1904-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1904-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1904-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3756-134-0x0000000000000000-mapping.dmp

Download
memory/3756-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3756-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3756-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4828-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4828-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download