f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2

Analysis

max time kernel
327s
max time network
364s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:41

Target

f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe
Size

524KB
MD5

7462f60622dee0264ab9dbbb27860396
SHA1

de63c1fdd2bac359597f41502e0e0ba4ec9b1dfe
SHA256

f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2
SHA512

9c0ffdbd696dd0a17a1b9ff89289b618137ba94980b0d28b962499d4fe954d19c596a12bab9fc701bda113efbffef90d70998113c645ac32eb251d537c28304d
SSDEEP

12288:aNaVvS1bSThr3IHgq5VzvBVKXCuapzDBGy/:oaZS+1CgsVzvSXCXDD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe

description	pid	process	target process
PID 1288 wrote to memory of 3124	1288	f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe	f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe
PID 1288 wrote to memory of 3124	1288	f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe	f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe
PID 1288 wrote to memory of 3124	1288	f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe	f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe

C:\Users\Admin\AppData\Local\Temp\f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe
"C:\Users\Admin\AppData\Local\Temp\f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Users\Admin\AppData\Local\Temp\f5ceec5f9166715c331297ef5a18a4025f59ae1be49b11267269d9c8a48abbe2.exe
  tear
  2⤵
  PID:3124

memory/1288-133-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1288-134-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1288-136-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/3124-135-0x0000000000000000-mapping.dmp

Download
memory/3124-137-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/3124-138-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/3124-139-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download