f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce

Analysis

max time kernel
203s
max time network
286s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:41

Target

f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe
Size

529KB
MD5

bf4574a69feab9b93c2b4459a60a928e
SHA1

a9770c13afc2d95948defb9ef9eeba60cec4879a
SHA256

f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce
SHA512

85d2d4d36916884fbc2acc5437015af3a532f919d0f602a7887ceb47ab6f21a76f355c544ed2326126f366d02db589b8d3da921e210b0647287dd4143e917628
SSDEEP

12288:AB2RCdT7Tq42daIY5ll+GPTe2EdMwTVjRJ49dFgaKfHUbvwFOB:S2RYT4cIGPTe2iV1S9dcfHCvw8B

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe

description	pid	process	target process
PID 60 wrote to memory of 1912	60	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe
PID 60 wrote to memory of 1912	60	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe
PID 60 wrote to memory of 1912	60	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe
PID 60 wrote to memory of 1228	60	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe
PID 60 wrote to memory of 1228	60	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe
PID 60 wrote to memory of 1228	60	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe	f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe

C:\Users\Admin\AppData\Local\Temp\f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe
"C:\Users\Admin\AppData\Local\Temp\f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:60
- C:\Users\Admin\AppData\Local\Temp\f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe
  start
  2⤵
  PID:1912
- C:\Users\Admin\AppData\Local\Temp\f69db4c15aed1f12b07463f4f5ed9de3bb17611f39a41f182ac93d283504c7ce.exe
  watch
  2⤵
  PID:1228

memory/60-134-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1228-132-0x0000000000000000-mapping.dmp

Download
memory/1228-136-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1228-138-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1912-133-0x0000000000000000-mapping.dmp

Download
memory/1912-135-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1912-137-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download