ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:49

Target

ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe
Size

522KB
MD5

c7d55e975706072176544f524624b65a
SHA1

6bc89a7b0559714f58d307be9c325337ab52594f
SHA256

ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa
SHA512

fbf3cbc5339a9c0d271a51a6bdedabd84d6f804f70a2bae4f4887cd88353b45c4d350b7d3fb5879e6798348b5240011ec97daf28d277fb971524840554525e7f
SSDEEP

12288:IBuh75JFrZxPjri5NO8y18xQqpx8O52O:Gu73FEO8atqpx8

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe

description	pid	process	target process
PID 4676 wrote to memory of 3752	4676	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe
PID 4676 wrote to memory of 3752	4676	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe
PID 4676 wrote to memory of 3752	4676	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe
PID 4676 wrote to memory of 3924	4676	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe
PID 4676 wrote to memory of 3924	4676	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe
PID 4676 wrote to memory of 3924	4676	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe	ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe

C:\Users\Admin\AppData\Local\Temp\ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe
"C:\Users\Admin\AppData\Local\Temp\ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4676

C:\Users\Admin\AppData\Local\Temp\ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe
start
2⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\ef1a74d9cafc17397851ff67579f92bd20e670428069b2ad4988746294acf2fa.exe
watch
2⤵
PID:3924

memory/3752-134-0x0000000000000000-mapping.dmp

Download
memory/3752-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3752-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3752-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3924-133-0x0000000000000000-mapping.dmp

Download
memory/3924-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3924-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3924-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4676-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4676-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download