a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3

Analysis

max time kernel
75s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:28

Target

a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe
Size

522KB
MD5

41e8330748fbfd5f8dc606aca64f18b6
SHA1

5b37bffbc3e8b7fe7de366b3c9031ef4aa18bc15
SHA256

a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3
SHA512

ebb7b15d068af8fa29fb5ed7b5d14f38517897a241c10817d7e461d0ebf8e2717a951bb7eb904a6bb85a075e36690362aceb593aaa77dbc1ed1f254e36978c3b
SSDEEP

12288:2ra6e9W5V/068u4a//DpwtWsjYO9Atw+m:2GRKVcutCrkO9qwr

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe

description	pid	process	target process
PID 3540 wrote to memory of 3952	3540	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe
PID 3540 wrote to memory of 3952	3540	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe
PID 3540 wrote to memory of 3952	3540	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe
PID 3540 wrote to memory of 2332	3540	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe
PID 3540 wrote to memory of 2332	3540	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe
PID 3540 wrote to memory of 2332	3540	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe	a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe

C:\Users\Admin\AppData\Local\Temp\a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe
"C:\Users\Admin\AppData\Local\Temp\a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Users\Admin\AppData\Local\Temp\a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe
  start
  2⤵
  PID:3952
- C:\Users\Admin\AppData\Local\Temp\a64138636666c4527c6f909639dab3217f7382c026dfa68a1f527a21de1261d3.exe
  watch
  2⤵
  PID:2332

memory/2332-133-0x0000000000000000-mapping.dmp

Download
memory/2332-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2332-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2332-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3540-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3540-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3952-134-0x0000000000000000-mapping.dmp

Download
memory/3952-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3952-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3952-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download