c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8

Analysis

max time kernel
60s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:55

Target

c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe
Size

522KB
MD5

fc57d3c31570ab7ecbda076df7f4af3b
SHA1

f5a6e82832507e0666d0444357956041ed69be74
SHA256

c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8
SHA512

87eff7e8e5d29415b83b930aaa52791ca7b17f91826f09fdb7f3cf74e4cbdd77d28b6866657aa19bef17522baf2890f55abd94a310c3f9025d295afae03e3e79
SSDEEP

12288:T9BCLHRknzEor99+FHLly18xQqpx8O5E:CsOatqpx8

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe

description	pid	process	target process
PID 3704 wrote to memory of 3264	3704	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe
PID 3704 wrote to memory of 3264	3704	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe
PID 3704 wrote to memory of 3264	3704	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe
PID 3704 wrote to memory of 4696	3704	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe
PID 3704 wrote to memory of 4696	3704	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe
PID 3704 wrote to memory of 4696	3704	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe	c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe

C:\Users\Admin\AppData\Local\Temp\c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe
"C:\Users\Admin\AppData\Local\Temp\c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3704

C:\Users\Admin\AppData\Local\Temp\c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe
start
2⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\c4cdb0c2d5a60ccb636522191c86835cca583396a3d42f95c898af80d65c5cc8.exe
watch
2⤵
PID:4696

memory/3264-134-0x0000000000000000-mapping.dmp

Download
memory/3264-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3264-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3264-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3704-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3704-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4696-133-0x0000000000000000-mapping.dmp

Download
memory/4696-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4696-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4696-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download