fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b

Analysis

max time kernel
189s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:38

Target

fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe
Size

518KB
MD5

a12d8aac8fa6760f1418af45b6de35a9
SHA1

0416b3335ab9cb72c8d568f253eaf9123f94b9b3
SHA256

fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b
SHA512

c47c20305caecb76e1eef855d62d7bcebcaaf2318105164addd2032c4475513b602724830d3585746f2c52e0c7a4cf469b526c4a433a991b7cffda1a812029c6
SSDEEP

12288:I4tkyq5O2d8qdt705OURb+taXwPUjASES/ya+WJPwTOE9/0:FtkdU2aq3OOURbkagPuAsz+OPwTv9/

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe

description	pid	process	target process
PID 1980 wrote to memory of 4624	1980	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe
PID 1980 wrote to memory of 4624	1980	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe
PID 1980 wrote to memory of 4624	1980	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe
PID 1980 wrote to memory of 3008	1980	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe
PID 1980 wrote to memory of 3008	1980	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe
PID 1980 wrote to memory of 3008	1980	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe	fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe

C:\Users\Admin\AppData\Local\Temp\fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe
"C:\Users\Admin\AppData\Local\Temp\fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Users\Admin\AppData\Local\Temp\fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe
  start
  2⤵
  PID:4624
- C:\Users\Admin\AppData\Local\Temp\fa915064404283bbcde1b7ee24cfd6383b4a2e2e48525aa1580f989299e05f9b.exe
  watch
  2⤵
  PID:3008

memory/1980-134-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3008-132-0x0000000000000000-mapping.dmp

Download
memory/3008-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3008-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4624-133-0x0000000000000000-mapping.dmp

Download
memory/4624-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4624-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download