2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0

Analysis

max time kernel
203s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:19

Target

2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe
Size

526KB
MD5

8b1c53b95020e9df91c2dab583da5ac1
SHA1

15a7291f8b9a67462cf4f9b1d85eefa2450d9a00
SHA256

2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0
SHA512

b6554c176dd5d1d856f680d515443586c15c4096d2dd09e05c98e4ae725709744a8fb3bdb587ed082d53f37f6dd9a995bf1bd2258c54e08d683d7774cfe8ba36
SSDEEP

6144:XXE698im0sMOkyPTZ0LFE/xpyvt/WwI2cPz+HNgHRMmQy1CrxQqD9RSaSz+8O5MW:LWgybMUpLnr2AIy18xQqpx8O5MQL

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe

description	pid	process	target process
PID 3732 wrote to memory of 4908	3732	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe
PID 3732 wrote to memory of 4908	3732	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe
PID 3732 wrote to memory of 4908	3732	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe
PID 3732 wrote to memory of 3480	3732	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe
PID 3732 wrote to memory of 3480	3732	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe
PID 3732 wrote to memory of 3480	3732	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe	2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe

C:\Users\Admin\AppData\Local\Temp\2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe
"C:\Users\Admin\AppData\Local\Temp\2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3732

C:\Users\Admin\AppData\Local\Temp\2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe
start
2⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\2fef311a7472db49d3631a5d398c3733770783310f84f17c1276fcc5ad8550e0.exe
watch
2⤵
PID:3480

memory/3480-133-0x0000000000000000-mapping.dmp

Download
memory/3480-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3480-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3480-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3732-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3732-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4908-134-0x0000000000000000-mapping.dmp

Download
memory/4908-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4908-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4908-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4908-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download