37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743

Analysis

max time kernel
166s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:18

Target

37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe
Size

526KB
MD5

6a5908a5f7a8bdd725bc577421c9ae79
SHA1

a9a473f4965fa486aad8bfd059ebea8bb03fd8e8
SHA256

37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743
SHA512

30b3e491c6e0950211a0cc927565e5b93c92ca9145ed3effc09ad44b24bfcf3c5132891c7f3e9a6e54175efc1d90c3d5fa0922081491aa01159b1340c7b898b7
SSDEEP

12288:RWtVgAANVAAgtVGWNj5Kuy18xQqpx8O5sg:RWtVlAv3EGWjratqpx8A

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe

description	pid	process	target process
PID 1352 wrote to memory of 1344	1352	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe
PID 1352 wrote to memory of 1344	1352	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe
PID 1352 wrote to memory of 1344	1352	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe
PID 1352 wrote to memory of 4928	1352	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe
PID 1352 wrote to memory of 4928	1352	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe
PID 1352 wrote to memory of 4928	1352	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe	37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe

C:\Users\Admin\AppData\Local\Temp\37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe
"C:\Users\Admin\AppData\Local\Temp\37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1352

C:\Users\Admin\AppData\Local\Temp\37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe
start
2⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\37fad8eee6a0aa4017fea7bfe54b469dd782f93e9ba09920a71ac739a67fb743.exe
watch
2⤵
PID:4928

memory/1344-134-0x0000000000000000-mapping.dmp

Download
memory/1344-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1344-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1344-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1352-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1352-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4928-133-0x0000000000000000-mapping.dmp

Download
memory/4928-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4928-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4928-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download