ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa

Analysis

max time kernel
172s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:25

Target

ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe
Size

522KB
MD5

36bc61ee7574038b471c8d55b5c29b37
SHA1

9068ad0995c2898813bbeba9d02393caf00509fa
SHA256

ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa
SHA512

5b8bb3211b4d1f22799190bcdb10b6d30052db5fc0f105002ffedfb77c94705b3f4b65a0822e1522ecc0573bca73165354a5b3d4e6141d185141589502d07201
SSDEEP

12288:1UUa4cFNdnhkU3/BHHm0rh48Wy18xQqpx8O5b:1U1jRuU3/BHGygatqpx8

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe

description	pid	process	target process
PID 1056 wrote to memory of 4256	1056	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe
PID 1056 wrote to memory of 4256	1056	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe
PID 1056 wrote to memory of 4256	1056	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe
PID 1056 wrote to memory of 3532	1056	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe
PID 1056 wrote to memory of 3532	1056	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe
PID 1056 wrote to memory of 3532	1056	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe	ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe

C:\Users\Admin\AppData\Local\Temp\ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe
"C:\Users\Admin\AppData\Local\Temp\ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1056

C:\Users\Admin\AppData\Local\Temp\ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe
start
2⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\ab6794dc2f3e5c666cf24b52d2da7a7b68f31964a49d9948d8343264266339fa.exe
watch
2⤵
PID:3532

memory/1056-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1056-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1056-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3532-134-0x0000000000000000-mapping.dmp

Download
memory/3532-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3532-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3532-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4256-135-0x0000000000000000-mapping.dmp

Download
memory/4256-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4256-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4256-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download