853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053

Analysis

max time kernel
146s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:47

Target

853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe
Size

522KB
MD5

4ef352616aabd72b2701a8a82f9472f6
SHA1

cff77512086f61e6af42f6fc53ab8024497b1450
SHA256

853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053
SHA512

576ac26cdfb43310d0f02262e74e3d141736a7d2e053723cfea831b86fb362ee7c44ef6116a6bbaf6572e523b03a343e0c075f062a04ec22d39d6455859b8c7a
SSDEEP

6144:iBIyeoadSz3thkw19ejk3awhsMDYoztO2agxwPPCzCaqpUxdrZPkTY/210YO9ALW:igbtw+4/RO2jwPPKCDpwtWsjYO9Atw9

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe

description	pid	process	target process
PID 1972 wrote to memory of 1428	1972	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe
PID 1972 wrote to memory of 1428	1972	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe
PID 1972 wrote to memory of 1428	1972	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe
PID 1972 wrote to memory of 620	1972	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe
PID 1972 wrote to memory of 620	1972	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe
PID 1972 wrote to memory of 620	1972	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe	853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe

C:\Users\Admin\AppData\Local\Temp\853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe
"C:\Users\Admin\AppData\Local\Temp\853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1972

C:\Users\Admin\AppData\Local\Temp\853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe
start
2⤵
PID:1428

C:\Users\Admin\AppData\Local\Temp\853d25f58c580e7ce48185c7aa965ed2a7431ba779d4473d54ce598b02fe3053.exe
watch
2⤵
PID:620

memory/620-133-0x0000000000000000-mapping.dmp

Download
memory/620-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/620-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/620-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/620-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1428-134-0x0000000000000000-mapping.dmp

Download
memory/1428-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1428-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1428-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1972-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1972-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download