baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1

Analysis

max time kernel
181s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:56

Target

baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe
Size

518KB
MD5

641ee6d3fc1c576e2bb69a2e8bd515bd
SHA1

8f0eb8d81dee4a40a9f71281210478d998c74747
SHA256

baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1
SHA512

13c6b8e8eda5a751123ba036d957d9bb201f975bb3429114fa3e39a25e14666519f7dbed78a2f045f8c664bc3ea136b1bffa60e0cef76d38cdbf7cd2ceb9d9e7
SSDEEP

6144:FPqpYWacmCaSBBcxuVUdOUf8vkB1j1PHbhY4/vG6mlw75G9+lLPX9MM8e459KOoI:FPq+smASc62g9YwYYlLPt5oKnWq3+b

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe

description	pid	process	target process
PID 2164 wrote to memory of 1480	2164	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe
PID 2164 wrote to memory of 1480	2164	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe
PID 2164 wrote to memory of 1480	2164	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe
PID 2164 wrote to memory of 2840	2164	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe
PID 2164 wrote to memory of 2840	2164	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe
PID 2164 wrote to memory of 2840	2164	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe	baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe

C:\Users\Admin\AppData\Local\Temp\baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe
"C:\Users\Admin\AppData\Local\Temp\baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe
  start
  2⤵
  PID:1480
- C:\Users\Admin\AppData\Local\Temp\baec94d625cf6aae8d4f2af9b3f5858ef8c54201269e3ffb7a316533e5e3d2f1.exe
  watch
  2⤵
  PID:2840

memory/1480-133-0x0000000000000000-mapping.dmp

Download
memory/1480-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1480-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1480-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2164-134-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2840-132-0x0000000000000000-mapping.dmp

Download
memory/2840-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2840-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download