4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32

Analysis

max time kernel
268s
max time network
350s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:14

Target

4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe
Size

526KB
MD5

38f2a461cad744fe6e85cdbf53b72374
SHA1

f83185d7eb9caf6104ef06d0a1f13c58b80c9c4e
SHA256

4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32
SHA512

010b1abe3bf78c70e412f92b9ec931e87a61954cb8580b466a18d870d99ad224d158aeebe36654c4ff0091de9d3eb1763cde8859f2e3dd2da43c90a8099db203
SSDEEP

12288:fau2nTf26KHyGNspfthMPn8Czxo4xUupSMrFCsNEfF4SN3:mTf2M7pPYG4quouFCsNaHN3

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe

description	pid	process	target process
PID 3756 wrote to memory of 3696	3756	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe
PID 3756 wrote to memory of 3696	3756	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe
PID 3756 wrote to memory of 3696	3756	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe
PID 3756 wrote to memory of 1628	3756	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe
PID 3756 wrote to memory of 1628	3756	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe
PID 3756 wrote to memory of 1628	3756	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe	4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe

C:\Users\Admin\AppData\Local\Temp\4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe
"C:\Users\Admin\AppData\Local\Temp\4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3756

C:\Users\Admin\AppData\Local\Temp\4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe
start
2⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\4c6ee98ac05687e36af4070b1a3e2af799a537dd09631a1e19df5f4f8a560f32.exe
watch
2⤵
PID:1628

memory/1628-133-0x0000000000000000-mapping.dmp

Download
memory/1628-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1628-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3696-134-0x0000000000000000-mapping.dmp

Download
memory/3696-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3696-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3756-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3756-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download