cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020

Analysis

max time kernel
137s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:54

Target

cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe
Size

518KB
MD5

166ec1b5efcb673be37a0bd5f5e50f10
SHA1

acd104c800cf9e633ef4c66d1ceef495f852b079
SHA256

cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020
SHA512

27a5ea38b72ada6d8a66bdcb95514005c03358924711a6bdcdce7149a91b986c64c02c0ac58fe7992dff363f1c16bb494e985eb0f696a7cbfdf18013c9de897f
SSDEEP

12288:s/xYo6I+h6OtRbVbtwYYlLPt5oKnWq3Eb/6C:s/D6I+hJtzbalLPt5/Wl/

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe

description	pid	process	target process
PID 3912 wrote to memory of 1556	3912	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe
PID 3912 wrote to memory of 1556	3912	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe
PID 3912 wrote to memory of 1556	3912	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe
PID 3912 wrote to memory of 2880	3912	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe
PID 3912 wrote to memory of 2880	3912	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe
PID 3912 wrote to memory of 2880	3912	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe	cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe

C:\Users\Admin\AppData\Local\Temp\cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe
"C:\Users\Admin\AppData\Local\Temp\cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3912

C:\Users\Admin\AppData\Local\Temp\cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe
start
2⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\cc696c94e23a0e334b2ccc0a69c492b9b56768fd0bc40e64960bc83f30aad020.exe
watch
2⤵
PID:2880

memory/1556-134-0x0000000000000000-mapping.dmp

Download
memory/1556-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1556-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2880-133-0x0000000000000000-mapping.dmp

Download
memory/2880-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2880-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3912-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3912-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download