c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337

Analysis

max time kernel
183s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:55

Target

c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe
Size

522KB
MD5

e4053263894e631d502a854dc8226237
SHA1

9d85db56de942a00a53799c581e4d32651885dd5
SHA256

c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337
SHA512

41548025e2915af54e1d0df34916cd51117355938979d0ce18f931077be179c66940fa460043aa2d324d44c61d935dbd2eac5b5235a0e42b32016c7218a6d7f0
SSDEEP

12288:p6g0y/D8sZR6gqwaxODCzxo4xUupSMrFCsNEfF4Sc:p6gxvP6g+G4quouFCsNaHc

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe

description	pid	process	target process
PID 4608 wrote to memory of 2536	4608	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe
PID 4608 wrote to memory of 2536	4608	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe
PID 4608 wrote to memory of 2536	4608	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe
PID 4608 wrote to memory of 4212	4608	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe
PID 4608 wrote to memory of 4212	4608	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe
PID 4608 wrote to memory of 4212	4608	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe	c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe

C:\Users\Admin\AppData\Local\Temp\c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe
"C:\Users\Admin\AppData\Local\Temp\c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4608

C:\Users\Admin\AppData\Local\Temp\c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe
start
2⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\c42a9d52f2cc204e16d862f159757924d67f5e2f550bc7d9ba0daac6845e6337.exe
watch
2⤵
PID:4212

memory/2536-135-0x0000000000000000-mapping.dmp

Download
memory/2536-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2536-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2536-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4212-134-0x0000000000000000-mapping.dmp

Download
memory/4212-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4212-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4608-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4608-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download