1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e

Analysis

max time kernel
151s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:21

Target

1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe
Size

522KB
MD5

861db4dc51a74119bb87f9b3b3cf97ff
SHA1

a332003abbdfb174d7c028951adc61dcd07d18b0
SHA256

1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e
SHA512

7daa4b82c0b20899601e8c68e1baeefcadb6dc60f5bef33048fb65646cfbb90a9622ca544c84967ed1bd7fabd02e6a8e2297a72bb34e7b01bcc704cb8f0a3f90
SSDEEP

12288:WguFcYC/cDddMLJiOtvnljCly18xQqpx8O5KY:WglY7DdutF32latqpx8

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe

description	pid	process	target process
PID 1612 wrote to memory of 1208	1612	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe
PID 1612 wrote to memory of 1208	1612	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe
PID 1612 wrote to memory of 1208	1612	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe
PID 1612 wrote to memory of 2188	1612	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe
PID 1612 wrote to memory of 2188	1612	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe
PID 1612 wrote to memory of 2188	1612	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe	1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe

C:\Users\Admin\AppData\Local\Temp\1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe
"C:\Users\Admin\AppData\Local\Temp\1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1612

C:\Users\Admin\AppData\Local\Temp\1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe
start
2⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\1fa609726d25e36126671eafeb45220935591177a0e0f26cf73af3756eb5653e.exe
watch
2⤵
PID:2188

memory/1208-134-0x0000000000000000-mapping.dmp

Download
memory/1208-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1208-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1208-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1612-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1612-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2188-133-0x0000000000000000-mapping.dmp

Download
memory/2188-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2188-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2188-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download