3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:17

Target

3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe
Size

518KB
MD5

5b53922a1a9fa10790860005567bdcfc
SHA1

872d4f73a6aaa4abdfe529f16048a56adc19bbbc
SHA256

3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe
SHA512

52b63165cfd106edc3a763cefa9de09f5fefc76bca319ecb250f20582ee85cac88ce92eae14c8f6a1d0555abfbe9bb92109ad11cc0d14ebbf486d9f292f4e0d9
SSDEEP

12288:y12QOxZzCZi8teLQyh8P8wYYlLPt5oKnWq3Xdb:y12fZzOi8teMlLPt5/WOR

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe

description	pid	process	target process
PID 3312 wrote to memory of 3212	3312	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe
PID 3312 wrote to memory of 3212	3312	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe
PID 3312 wrote to memory of 3212	3312	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe
PID 3312 wrote to memory of 3104	3312	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe
PID 3312 wrote to memory of 3104	3312	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe
PID 3312 wrote to memory of 3104	3312	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe	3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe

C:\Users\Admin\AppData\Local\Temp\3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe
"C:\Users\Admin\AppData\Local\Temp\3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3312

C:\Users\Admin\AppData\Local\Temp\3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe
start
2⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\3a2491166bfb7f39c200dd719752f41538c29bcd6e6220039d6f1d202fdc4bbe.exe
watch
2⤵
PID:3104

memory/3104-133-0x0000000000000000-mapping.dmp

Download
memory/3104-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3104-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3212-134-0x0000000000000000-mapping.dmp

Download
memory/3212-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3212-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3312-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3312-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download