20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497

Analysis

max time kernel
170s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:21

Target

20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe
Size

522KB
MD5

f9fbed57f954f049c496f8ed61d76e02
SHA1

d712d5afe7dfcefa2d22bb41243aa0bfe5a27bc5
SHA256

20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497
SHA512

21dc11ed7cbc9930d726e0f74faaa7b9360a02fb3780a6a63c404c5f53e1cc3a561cde91a5bc6c62457fb762050e0dbad0da1c4b73a449553a90e1a0fd810665
SSDEEP

6144:ODsxTdjFwpbJ/cBk6+fIiLtslH58zmQy1CrxQqD9RSaSz+8O525:Zjeh6ax6Gpy18xQqpx8O52

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe

description	pid	process	target process
PID 2844 wrote to memory of 1444	2844	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe
PID 2844 wrote to memory of 1444	2844	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe
PID 2844 wrote to memory of 1444	2844	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe
PID 2844 wrote to memory of 3456	2844	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe
PID 2844 wrote to memory of 3456	2844	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe
PID 2844 wrote to memory of 3456	2844	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe	20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe

C:\Users\Admin\AppData\Local\Temp\20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe
"C:\Users\Admin\AppData\Local\Temp\20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2844

C:\Users\Admin\AppData\Local\Temp\20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe
start
2⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\20e39ce425f9166eb7373d3e89804c72e00221828874ffd215bfea86d97b2497.exe
watch
2⤵
PID:3456

memory/1444-134-0x0000000000000000-mapping.dmp

Download
memory/1444-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1444-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1444-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2844-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2844-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3456-133-0x0000000000000000-mapping.dmp

Download
memory/3456-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3456-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3456-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download