ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944

Analysis

max time kernel
133s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 13:23

Target

ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944.exe
Size

707KB
MD5

9d417d54175849ac26e8e61bb7e56ffb
SHA1

4c5c486382fddb27535a3382dc3e98de80aaa624
SHA256

ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944
SHA512

31e1e68df67c0f25c66f6fcd90c7a1f523c225f389cd8ee7023dc4cb2cb0a3f45d762702ec65f5163f6a14da53ebb109412d9d8aa06fd43ca655b05fe5c7f1f4
SSDEEP

12288:JMuY+0ehnc9V0NB8/nK+J4pGXGH0VKiYiX5ZcF8L5EjNeaUslilrheMdo4f/PDS5:JA+fNiP1OQ4G5yFPJo4kQ50PscI

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

dw20.exe

pid process

1736 dw20.exe

pid	process
1736	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944.exe

description	pid	process	target process
PID 1628 wrote to memory of 1736	1628	ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944.exe	dw20.exe
PID 1628 wrote to memory of 1736	1628	ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944.exe	dw20.exe
PID 1628 wrote to memory of 1736	1628	ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944.exe	dw20.exe
PID 1628 wrote to memory of 1736	1628	ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944.exe
"C:\Users\Admin\AppData\Local\Temp\ae3a8dd7525d8116288912f3f31669a7b839f3d793f8d6686e05b6b897d1a944.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 448
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1736

memory/1628-54-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download
memory/1628-56-0x0000000074380000-0x000000007492B000-memory.dmp

Filesize
5.7MB

Download
memory/1628-58-0x0000000074380000-0x000000007492B000-memory.dmp

Filesize
5.7MB

Download
memory/1736-55-0x0000000000000000-mapping.dmp

Download