85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb

Analysis

max time kernel
149s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:05

Target

85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe
Size

518KB
MD5

29ef534939cb88ab8b702076ecf5f700
SHA1

90fb777675a95bf0242012ab0969b669e95e1cdf
SHA256

85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb
SHA512

c25ae6848070cde6c2516d549e3179008a401073e8c1fb84bb175a7b9ed590eecba247d4cc672830b9d71b34dd87e759a9c8b534973f43bdd7681ba1bb1ce29e
SSDEEP

12288:Zs3iN+/URiX2yFCPbkNIUjwYYlLPt5oKnWq3Db0:fN+/U9yob2IHlLPt5/Wi0

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe

description	pid	process	target process
PID 3976 wrote to memory of 1196	3976	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe
PID 3976 wrote to memory of 1196	3976	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe
PID 3976 wrote to memory of 1196	3976	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe
PID 3976 wrote to memory of 1304	3976	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe
PID 3976 wrote to memory of 1304	3976	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe
PID 3976 wrote to memory of 1304	3976	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe	85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe

C:\Users\Admin\AppData\Local\Temp\85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe
"C:\Users\Admin\AppData\Local\Temp\85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Users\Admin\AppData\Local\Temp\85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe
  start
  2⤵
  PID:1196
- C:\Users\Admin\AppData\Local\Temp\85fb559d6d10eea5726f8d14238a92b17219ade8136acafb6067d9e97b93f4eb.exe
  watch
  2⤵
  PID:1304

memory/1196-134-0x0000000000000000-mapping.dmp

Download
memory/1196-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1196-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1196-140-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1304-133-0x0000000000000000-mapping.dmp

Download
memory/1304-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1304-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1304-141-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3976-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3976-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download