742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9

Analysis

max time kernel
88s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:08

Target

742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe
Size

518KB
MD5

599e333441bf0f517e89a2a0e8aaacf2
SHA1

700ca09c37559ac6991f07a1d1d29d725ce7d0a9
SHA256

742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9
SHA512

b455467edbdec7b74e585549d10cec4d08558dbe8ae44fe8023fba6f47081551a8736f648d564630067faf5cec37b540320ca7e192ea3e699bbe4aa63b87ee6c
SSDEEP

6144:pM22Wru08AZRDu+8ZMajwkxlFYKEVpwqPz0AMjrClw75G9+lLPX9MM8e459KOoW+:e0r0eYwEe5MnCwYYlLPt5oKnWq3Fbg

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe

description	pid	process	target process
PID 2320 wrote to memory of 4112	2320	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe
PID 2320 wrote to memory of 4112	2320	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe
PID 2320 wrote to memory of 4112	2320	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe
PID 2320 wrote to memory of 2236	2320	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe
PID 2320 wrote to memory of 2236	2320	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe
PID 2320 wrote to memory of 2236	2320	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe	742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe

C:\Users\Admin\AppData\Local\Temp\742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe
"C:\Users\Admin\AppData\Local\Temp\742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320

C:\Users\Admin\AppData\Local\Temp\742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe
start
2⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\742c32461760fa6225fd45afca7f55af066219b6514dd7dd6326f85bdae493c9.exe
watch
2⤵
PID:2236

memory/2236-133-0x0000000000000000-mapping.dmp

Download
memory/2236-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2236-140-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2320-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2320-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4112-134-0x0000000000000000-mapping.dmp

Download
memory/4112-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4112-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4112-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download