ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329

Analysis

max time kernel
205s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:23

Target

ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe
Size

522KB
MD5

7594354c58b724b31e13a19ce0f264d3
SHA1

6cc42c20437cdf5741fb65ed40a201a4ef5c19a1
SHA256

ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329
SHA512

3daa827827ce9e25072624dd9722e3e4df677fd3698030ec5ef1bb21db4588ce52f12f795121648177dfa19f9c3c1b03b9ab6805d0085ef728ecc44d9d926e2b
SSDEEP

12288:Bcc5e1d5AiHAUBdUPclza7LCDpwtWsjYO9Atwda:BY1d5vD+cxPCrkO9qw4

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe

description	pid	process	target process
PID 4168 wrote to memory of 2796	4168	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe
PID 4168 wrote to memory of 2796	4168	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe
PID 4168 wrote to memory of 2796	4168	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe
PID 4168 wrote to memory of 4548	4168	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe
PID 4168 wrote to memory of 4548	4168	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe
PID 4168 wrote to memory of 4548	4168	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe	ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe

C:\Users\Admin\AppData\Local\Temp\ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe
"C:\Users\Admin\AppData\Local\Temp\ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4168

C:\Users\Admin\AppData\Local\Temp\ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe
start
2⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\ae9ae830870ac6186b1c4a10770cd08fe6f58b79708a6aa19b992aea02bfa329.exe
watch
2⤵
PID:4548

memory/2796-134-0x0000000000000000-mapping.dmp

Download
memory/2796-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2796-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2796-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2796-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4168-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4168-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4548-133-0x0000000000000000-mapping.dmp

Download
memory/4548-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4548-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4548-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4548-143-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download