61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a

Analysis

max time kernel
154s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:11

Target

61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe
Size

522KB
MD5

ed72e37abd8b54bc3649ff272b832268
SHA1

fd3498334dee830a3ee38f5b6af2af979adb589c
SHA256

61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a
SHA512

9f3c408e3301c1b916f3fe7f70dbaa5bb56da2907474bf6d055e5a66b236086d39fb6f24ddcddb4a49378e62590525e90cfd59ef0e8c2eefe4552d6cc468d37b
SSDEEP

12288:dp0s9cnOK++lC28GmdwYYlLPt5oKnWq3kbg:H0QpMI28GTlLPt5/W9g

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe

description	pid	process	target process
PID 5076 wrote to memory of 4936	5076	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe
PID 5076 wrote to memory of 4936	5076	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe
PID 5076 wrote to memory of 4936	5076	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe
PID 5076 wrote to memory of 3808	5076	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe
PID 5076 wrote to memory of 3808	5076	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe
PID 5076 wrote to memory of 3808	5076	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe	61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe

C:\Users\Admin\AppData\Local\Temp\61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe
"C:\Users\Admin\AppData\Local\Temp\61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5076

C:\Users\Admin\AppData\Local\Temp\61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe
start
2⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\61ea8091edd5098c3d492f8890f03a4569c137f230470063073480f7235d9f5a.exe
watch
2⤵
PID:3808

memory/3808-133-0x0000000000000000-mapping.dmp

Download
memory/3808-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3808-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3808-141-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4936-134-0x0000000000000000-mapping.dmp

Download
memory/4936-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4936-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4936-140-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/5076-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/5076-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download