a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1

Analysis

max time kernel
154s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:30

Target

a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe
Size

522KB
MD5

64889518252ad9c422847515e07237e2
SHA1

2c17246bf2017b705279db8ad6f3ed1967ccd229
SHA256

a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1
SHA512

925232eb50a3852ced254cf38707a96fcf6d133bfd7e455b686c8021359053c70d0bd9d72adf94af23a22b879a70718ee817d1a80851b7294ea64bbe3400d971
SSDEEP

6144:CXifU+nPUD6wcVkV5rCSAdpTTjwA0QuCazZpqmQy1CrxQqD9RSaSz+8O5qNT:x3srcVyrMdpTT0hBEy18xQqpx8O5qN

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe

description	pid	process	target process
PID 3876 wrote to memory of 4244	3876	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe
PID 3876 wrote to memory of 4244	3876	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe
PID 3876 wrote to memory of 4244	3876	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe
PID 3876 wrote to memory of 4556	3876	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe
PID 3876 wrote to memory of 4556	3876	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe
PID 3876 wrote to memory of 4556	3876	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe	a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe

C:\Users\Admin\AppData\Local\Temp\a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe
"C:\Users\Admin\AppData\Local\Temp\a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3876

C:\Users\Admin\AppData\Local\Temp\a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe
start
2⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\a393b67700f81658a0f0be16f85fd8c62f4164df5b8c249c60403e96531e4de1.exe
watch
2⤵
PID:4556

memory/3876-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3876-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3876-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4244-135-0x0000000000000000-mapping.dmp

Download
memory/4244-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4244-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4244-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4556-134-0x0000000000000000-mapping.dmp

Download
memory/4556-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4556-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4556-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download