dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:56

Target

dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe
Size

522KB
MD5

501138e06baf70a939a88688c28a5cc6
SHA1

cc1e78d766b813fc29e51b0ac5a0f90bcea29a8a
SHA256

dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850
SHA512

dc2140d1031705df3dcebe2abe17bed627c150a1ac6c3921f72b68c16815e22c9a2ee3376922f5b5fdcc611865030e7f35d01c700e1d24658c1c4aa60f1c6597
SSDEEP

12288:lB8eQKpTlwb9M8OJRmUCDpwtWsjYO9Atww:X8xKHYe8OJRmJCrkO9qw

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe

description	pid	process	target process
PID 4612 wrote to memory of 1556	4612	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe
PID 4612 wrote to memory of 1556	4612	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe
PID 4612 wrote to memory of 1556	4612	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe
PID 4612 wrote to memory of 1676	4612	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe
PID 4612 wrote to memory of 1676	4612	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe
PID 4612 wrote to memory of 1676	4612	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe	dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe

C:\Users\Admin\AppData\Local\Temp\dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe
"C:\Users\Admin\AppData\Local\Temp\dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4612

C:\Users\Admin\AppData\Local\Temp\dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe
start
2⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\dc973eadb5c90260b1c28b2f618705ab190e7ba7ec1cd093cd241e86cfc6f850.exe
watch
2⤵
PID:1676

memory/1556-134-0x0000000000000000-mapping.dmp

Download
memory/1556-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1556-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1556-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1676-133-0x0000000000000000-mapping.dmp

Download
memory/1676-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1676-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1676-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4612-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4612-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download