aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2

Analysis

max time kernel
137s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:58

Target

aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe
Size

522KB
MD5

fd425cde9d6c25ac76cb9387ca03ef7f
SHA1

aff72c9453b7a86a0471e97dcc2470cd55256eb0
SHA256

aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2
SHA512

c2f593af6f44ce1e07f4c2bebc2008e7048c98f6b2ab534e426ffef55721fbae11b9c5441c60bd054392cd152dd5159704aacb67edeb8f025a6d5dc48cbe0f08
SSDEEP

12288:8MFxxxuP+Ny17HFGyu2NTrf3voC1jub1vUy18xQqpx8O5MEkh:nT81HFGyu6T3QC9uKatqpx8Uc

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe

description	pid	process	target process
PID 3008 wrote to memory of 4956	3008	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe
PID 3008 wrote to memory of 4956	3008	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe
PID 3008 wrote to memory of 4956	3008	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe
PID 3008 wrote to memory of 2052	3008	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe
PID 3008 wrote to memory of 2052	3008	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe
PID 3008 wrote to memory of 2052	3008	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe	aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe

C:\Users\Admin\AppData\Local\Temp\aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe
"C:\Users\Admin\AppData\Local\Temp\aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe
  start
  2⤵
  PID:4956
- C:\Users\Admin\AppData\Local\Temp\aed323b268f3508c8d81d4139e3c396200134a5e8e3d187ab20b1755196065b2.exe
  watch
  2⤵
  PID:2052

memory/2052-134-0x0000000000000000-mapping.dmp

Download
memory/2052-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2052-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2052-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3008-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3008-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3008-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4956-135-0x0000000000000000-mapping.dmp

Download
memory/4956-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4956-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4956-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download