8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:03

Target

8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe
Size

522KB
MD5

8f40822a89506f5e60bf62298ad0b018
SHA1

9a44e75d56107fe6d469d5a954eb703881d9c116
SHA256

8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c
SHA512

c6f7240fdc34e0638414ee2e9a0ea03ed9d1da96019ccd27379c797b2c1eca3174c59c48e69f1b9057cb9046248673cb329faabb26414ba88e1b1dcd98661372
SSDEEP

12288:avooyLKXzPvW+9P7mY0l8Uypy18xQqpx8O5Ji:6IkXLx770CUyatqpx8

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe

description	pid	process	target process
PID 4936 wrote to memory of 896	4936	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe
PID 4936 wrote to memory of 896	4936	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe
PID 4936 wrote to memory of 896	4936	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe
PID 4936 wrote to memory of 372	4936	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe
PID 4936 wrote to memory of 372	4936	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe
PID 4936 wrote to memory of 372	4936	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe	8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe

C:\Users\Admin\AppData\Local\Temp\8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe
"C:\Users\Admin\AppData\Local\Temp\8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4936

C:\Users\Admin\AppData\Local\Temp\8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe
start
2⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\8d7439ff4e3afeb69f6aebedeae6b51f5c660433ad3bbdeb0c933c0d2a3f965c.exe
watch
2⤵
PID:372

memory/372-133-0x0000000000000000-mapping.dmp

Download
memory/372-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/372-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/372-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/372-143-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/896-134-0x0000000000000000-mapping.dmp

Download
memory/896-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/896-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/896-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/896-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4936-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4936-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download