a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7

Analysis

max time kernel
202s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:29

Target

a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe
Size

518KB
MD5

7e2fa42470ce802ca5d48754f068d297
SHA1

bf8d18a8b30577cfb0393777a67df303b59e2de6
SHA256

a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7
SHA512

cc606a6756009605ffa11fcc013f6d91ac5910eb69e58266aeb9812783b1f03e035395ad681d6e8d56b3101f5a57d5ccba847ad22db5e771592d2206d00cbab2
SSDEEP

12288:r4cxyqergZNFF7xDMwPUjASES/ya+WJPwTOEq/hv:kcfVZfbPuAsz+OPwTvq/

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe

description	pid	process	target process
PID 3596 wrote to memory of 4336	3596	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe
PID 3596 wrote to memory of 4336	3596	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe
PID 3596 wrote to memory of 4336	3596	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe
PID 3596 wrote to memory of 4448	3596	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe
PID 3596 wrote to memory of 4448	3596	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe
PID 3596 wrote to memory of 4448	3596	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe	a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe

C:\Users\Admin\AppData\Local\Temp\a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe
"C:\Users\Admin\AppData\Local\Temp\a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3596

C:\Users\Admin\AppData\Local\Temp\a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe
start
2⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\a48b1676cb2189ae1aebc2ba98fca3abcbd3c20674e06e36e7852790a1a03ec7.exe
watch
2⤵
PID:4448

memory/3596-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3596-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4336-134-0x0000000000000000-mapping.dmp

Download
memory/4336-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4336-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4336-140-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4448-133-0x0000000000000000-mapping.dmp

Download
memory/4448-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4448-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4448-141-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download