db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:56

Target

db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe
Size

522KB
MD5

f6ab38d296597dfb6661c17cc6e2447e
SHA1

fce035f67d094195c8e1746cfdb34fbada92bc90
SHA256

db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2
SHA512

c9e567a4dcba2ab13153f3f18d2c0221add3a43675ea5cbd36b0cae7297b666906969dbd4b2eaf0000c968d0042a881845ec4d43014d545983dd4c8471d6c33d
SSDEEP

12288:LImGMkHam9LM/95zTIzCzxo4xUupSMrFCsNEfF4S/F:L88HzJG4quouFCsNaH/F

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe

description	pid	process	target process
PID 2760 wrote to memory of 428	2760	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe
PID 2760 wrote to memory of 428	2760	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe
PID 2760 wrote to memory of 428	2760	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe
PID 2760 wrote to memory of 3988	2760	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe
PID 2760 wrote to memory of 3988	2760	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe
PID 2760 wrote to memory of 3988	2760	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe	db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe

C:\Users\Admin\AppData\Local\Temp\db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe
"C:\Users\Admin\AppData\Local\Temp\db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe
start
2⤵
PID:428

C:\Users\Admin\AppData\Local\Temp\db263bfc8a43d46f6fd7ec05d640c1a29a9f206afd3b8ab04d0488af72b150f2.exe
watch
2⤵
PID:3988

memory/428-135-0x0000000000000000-mapping.dmp

Download
memory/428-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/428-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2760-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2760-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2760-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3988-134-0x0000000000000000-mapping.dmp

Download
memory/3988-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3988-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download