fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6

Analysis

max time kernel
47s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:35

Target

fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe
Size

524KB
MD5

56af622340eaaac76af0b259e980f342
SHA1

e320c2ad59dc956bc86104de791cec8eb7ee4427
SHA256

fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6
SHA512

d3e05847232509f752e4117b076da1288048e9bbcb1ff69bc1c6eb914a54949b464e4b56c1b3cfbf5d302137961bd1b2ecdbf6ac9483b325b9c3351c1d48f284
SSDEEP

12288:86vzfegzPMA7wL7cHeG4VzvBVKXCuapzDBGSd:rj9jHZ4VzvSXCXDVd

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe

description	pid	process	target process
PID 1140 wrote to memory of 1260	1140	fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe	fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe
PID 1140 wrote to memory of 1260	1140	fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe	fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe
PID 1140 wrote to memory of 1260	1140	fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe	fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe
PID 1140 wrote to memory of 1260	1140	fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe	fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe

C:\Users\Admin\AppData\Local\Temp\fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe
"C:\Users\Admin\AppData\Local\Temp\fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Users\Admin\AppData\Local\Temp\fec06d4c263f7f25926d951a7e5ca0b2d682caffadd78785b8748619396495e6.exe
  tear
  2⤵
  PID:1260

memory/1140-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1140-56-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1260-55-0x0000000000000000-mapping.dmp

Download
memory/1260-58-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1260-59-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download