8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16

Analysis

max time kernel
139s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:03

Target

8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe
Size

522KB
MD5

ddee033344d8ce75d0a1e60ef8951b5e
SHA1

630f76ade605cc29f28cea4acc4b6680cbc7f793
SHA256

8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16
SHA512

358129e34a0f8398d3c6282ce577186f1e84fe397cd0ecf47ccb607433bab72aefcbdcaff92973444aad4d6271fb54659c6a8839075cbc6c4255229d35b05a4b
SSDEEP

12288:5PPPydKt9OhUS1t2J6q2aUhDerwYYlLPt5oKnWq36Hb6V:5PPPWKjOWW2ifhJlLPt5/Wd6V

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe

description	pid	process	target process
PID 3112 wrote to memory of 220	3112	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe
PID 3112 wrote to memory of 220	3112	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe
PID 3112 wrote to memory of 220	3112	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe
PID 3112 wrote to memory of 1272	3112	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe
PID 3112 wrote to memory of 1272	3112	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe
PID 3112 wrote to memory of 1272	3112	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe	8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe

C:\Users\Admin\AppData\Local\Temp\8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe
"C:\Users\Admin\AppData\Local\Temp\8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3112

C:\Users\Admin\AppData\Local\Temp\8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe
start
2⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\8feca58457109997888d29195454e7677b41fab3613dca33f77fda440a297b16.exe
watch
2⤵
PID:1272

memory/220-134-0x0000000000000000-mapping.dmp

Download
memory/220-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/220-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/220-140-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/220-141-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1272-133-0x0000000000000000-mapping.dmp

Download
memory/1272-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1272-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1272-142-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3112-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3112-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download