98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774

Analysis

max time kernel
63s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:02

Target

98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe
Size

522KB
MD5

fcb3e28a8e4fc1389ed4d490a8a4abfd
SHA1

f2239d0de1971e1af9d06d0d5954f4ae0758844e
SHA256

98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774
SHA512

ad5cebd4980160542ffd09a646192e724cad41d44765a35d2974345191f982c3e2aaa9ee4d579d0e9a2f2718c7819c199eea9b40b6ddc58185befd9d22f3ab25
SSDEEP

12288:Lq1W1gYOXH6SmdfGTXqMmwYYlLPt5oKnWq35bt:LtgYOX6SYCDHlLPt5/WIt

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe

description	pid	process	target process
PID 1960 wrote to memory of 4924	1960	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe
PID 1960 wrote to memory of 4924	1960	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe
PID 1960 wrote to memory of 4924	1960	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe
PID 1960 wrote to memory of 4932	1960	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe
PID 1960 wrote to memory of 4932	1960	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe
PID 1960 wrote to memory of 4932	1960	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe	98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe

C:\Users\Admin\AppData\Local\Temp\98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe
"C:\Users\Admin\AppData\Local\Temp\98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Users\Admin\AppData\Local\Temp\98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe
  start
  2⤵
  PID:4924
- C:\Users\Admin\AppData\Local\Temp\98918d96fd2447d2e5fec28a2ac0e43b4c6677e1d12c2c58ac846d2135ec2774.exe
  watch
  2⤵
  PID:4932

memory/1960-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1960-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4924-134-0x0000000000000000-mapping.dmp

Download
memory/4924-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4924-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4932-133-0x0000000000000000-mapping.dmp

Download
memory/4932-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4932-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download