2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac

Analysis

max time kernel
185s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:19

Target

2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe
Size

518KB
MD5

9c936f5823a321f72aeff4b67add31b1
SHA1

042c448eb647b0f4810b80e02c3ca8ee1b7d89e4
SHA256

2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac
SHA512

665d0394236e36963bfdfb8b47b524a0c0a1837a995ed8c8a99bb21bbb7e1e1f4e9eb0b84a396978b20c5141fb8e47f1a594935ac5e65a1b2aef5b52a0736a4a
SSDEEP

12288:KImSSP2p9Of5mEp9xwYYlLPt5oKnWq33b:9mSSPWOf5ulLPt5/Wq

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe

description	pid	process	target process
PID 2856 wrote to memory of 768	2856	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe
PID 2856 wrote to memory of 768	2856	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe
PID 2856 wrote to memory of 768	2856	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe
PID 2856 wrote to memory of 3476	2856	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe
PID 2856 wrote to memory of 3476	2856	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe
PID 2856 wrote to memory of 3476	2856	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe	2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe

C:\Users\Admin\AppData\Local\Temp\2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe
"C:\Users\Admin\AppData\Local\Temp\2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2856

C:\Users\Admin\AppData\Local\Temp\2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe
start
2⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\2a5eb297641e70fdfa48267b81fd57e8c4b6e10b84e57a0f3a89c1a3e9621cac.exe
watch
2⤵
PID:3476

memory/768-133-0x0000000000000000-mapping.dmp

Download
memory/768-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/768-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2856-134-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3476-132-0x0000000000000000-mapping.dmp

Download
memory/3476-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3476-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download