d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2

Analysis

max time kernel
166s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:00

Target

d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe
Size

522KB
MD5

b66ce7d6a920fb14d763ab334293ff47
SHA1

96384aec20532ccfd29de678637c252cc794e1e5
SHA256

d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2
SHA512

1cf17e7144b54fc103928ec11eea49a6f3b1db7db3e4be72776e8f0d93972ef0c8a5aabaaf74ab19e4484764577d528cf03d81949f33c2391a49b785ed5cde9c
SSDEEP

6144:ROwgAADRet/XjMhSKNKwTP1mlRqf+QKzNnDdnoCd1aqpUxdrZPkTY/210YO9ALuV:ROwhNX4TP1mlHhBDpwtWsjYO9Atwv

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe

description	pid	process	target process
PID 4160 wrote to memory of 4320	4160	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe
PID 4160 wrote to memory of 4320	4160	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe
PID 4160 wrote to memory of 4320	4160	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe
PID 4160 wrote to memory of 4376	4160	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe
PID 4160 wrote to memory of 4376	4160	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe
PID 4160 wrote to memory of 4376	4160	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe	d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe

C:\Users\Admin\AppData\Local\Temp\d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe
"C:\Users\Admin\AppData\Local\Temp\d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4160

C:\Users\Admin\AppData\Local\Temp\d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe
start
2⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\d5b19a8010b9ca84351d545ed7e5b7de823352dc6c3a0d5fe7097efbff347cb2.exe
watch
2⤵
PID:4376

memory/4160-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4160-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4320-135-0x0000000000000000-mapping.dmp

Download
memory/4320-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4320-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4320-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4320-143-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4376-134-0x0000000000000000-mapping.dmp

Download
memory/4376-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4376-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4376-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4376-144-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download