facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:47

Target

facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe
Size

522KB
MD5

d6402f55cb5facace54fd36a321e6476
SHA1

a9a6de7e28bc081447aa082039adff371705771b
SHA256

facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797
SHA512

4d67dd72436ce344c936613a38561ce95263a54e2859aa66e5cde0653d6b3edf311c4b2871d47b639aa1548ef9017bd55853064125b7091e2bd44f19161e14ee
SSDEEP

12288:/m2XHHA2gPEqJt6Czxo4xUupSMrFCsNEfF4S3:O6HA24EsG4quouFCsNaH3

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe

description	pid	process	target process
PID 952 wrote to memory of 1196	952	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe
PID 952 wrote to memory of 1196	952	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe
PID 952 wrote to memory of 1196	952	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe
PID 952 wrote to memory of 1304	952	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe
PID 952 wrote to memory of 1304	952	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe
PID 952 wrote to memory of 1304	952	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe	facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe

C:\Users\Admin\AppData\Local\Temp\facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe
"C:\Users\Admin\AppData\Local\Temp\facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:952

C:\Users\Admin\AppData\Local\Temp\facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe
start
2⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\facbf9f71e4507fe031f715225206377bee9130a8d24311fd8116f37a9066797.exe
watch
2⤵
PID:1304

memory/952-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/952-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1196-134-0x0000000000000000-mapping.dmp

Download
memory/1196-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1196-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1196-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-133-0x0000000000000000-mapping.dmp

Download
memory/1304-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1304-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download