fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2

Analysis

max time kernel
144s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:36

Target

fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe
Size

522KB
MD5

7dc01d94ccc1e81d2dd4029cf23a357e
SHA1

2ca40709d19dad68a09a72cc9e56ba5dcd4f32ee
SHA256

fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2
SHA512

61f4257d2757362305d7357301a85d67b0f23302b236304ae42e2d88231f973d8636d98ec9ae7b55a4f3fadcb73295e0800a2bd60a3dfc77535a92642fd12417
SSDEEP

12288:qYObHkBuNej6SNeXEJj6CDpwtWsjYO9Atwv:z6HkgUPeUJjPCrkO9qw

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe

description	pid	process	target process
PID 4528 wrote to memory of 5008	4528	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe
PID 4528 wrote to memory of 5008	4528	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe
PID 4528 wrote to memory of 5008	4528	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe
PID 4528 wrote to memory of 4988	4528	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe
PID 4528 wrote to memory of 4988	4528	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe
PID 4528 wrote to memory of 4988	4528	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe	fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe

C:\Users\Admin\AppData\Local\Temp\fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe
"C:\Users\Admin\AppData\Local\Temp\fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4528

C:\Users\Admin\AppData\Local\Temp\fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe
start
2⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\fd2d866f75f4c80f61ccea8a2483cd21e8d1543174345b3fcb1cc14db4700ef2.exe
watch
2⤵
PID:4988

memory/4528-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4528-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4988-133-0x0000000000000000-mapping.dmp

Download
memory/4988-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4988-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4988-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5008-134-0x0000000000000000-mapping.dmp

Download
memory/5008-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5008-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download