fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:35

Target

fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe
Size

518KB
MD5

3e16d9a4aac0731d199e317d11300f97
SHA1

38c16a36684d8261042dec203810ff8bd7b91e38
SHA256

fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e
SHA512

a215d14cf68e2406b4c951c502314f05e6c862c3a79309d05ad121fc20ec8f5edd466fc68643509d421211f6086fb2fed2896ae0bc10eb92687a6c4461d56eba
SSDEEP

12288:9pgBqo8+eIGeSBrnjYOzZzoMW+kwPUjASES/ya+WJPwTOEz/C:97eSFn35JWyPuAsz+OPwTvz/

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe

description	pid	process	target process
PID 3436 wrote to memory of 4920	3436	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe
PID 3436 wrote to memory of 4920	3436	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe
PID 3436 wrote to memory of 4920	3436	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe
PID 3436 wrote to memory of 4928	3436	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe
PID 3436 wrote to memory of 4928	3436	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe
PID 3436 wrote to memory of 4928	3436	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe	fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe

C:\Users\Admin\AppData\Local\Temp\fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe
"C:\Users\Admin\AppData\Local\Temp\fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3436

C:\Users\Admin\AppData\Local\Temp\fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe
start
2⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\fefa154404f482e8ba2315c97691fa4ddf0d58d0419db90e6105890c8af65c7e.exe
watch
2⤵
PID:4928

memory/3436-134-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4920-133-0x0000000000000000-mapping.dmp

Download
memory/4920-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4920-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4928-132-0x0000000000000000-mapping.dmp

Download
memory/4928-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4928-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4928-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download