a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704

Analysis

max time kernel
167s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:30

Target

a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe
Size

518KB
MD5

187cd989c0cf654559f0e9cd425b5b2c
SHA1

5db078ede0229ad26c02ed492ac14e1c9f2073a1
SHA256

a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704
SHA512

9c8743ecfd198583407a0f3c9c4244b78c198985a871e0d08317f5c39dcc779905b4a4b03cdd76fdfeeb6fb722b69e5a79dd020d32f71f4074579d44b2b82715
SSDEEP

12288:bruNpF4qnH/KF5HL/PrwPUjASES/ya+WJPwTOEX/N9:G3FbfyHTcPuAsz+OPwTvX/

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe

description	pid	process	target process
PID 2792 wrote to memory of 1844	2792	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe
PID 2792 wrote to memory of 1844	2792	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe
PID 2792 wrote to memory of 1844	2792	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe
PID 2792 wrote to memory of 2732	2792	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe
PID 2792 wrote to memory of 2732	2792	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe
PID 2792 wrote to memory of 2732	2792	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe	a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe

C:\Users\Admin\AppData\Local\Temp\a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe
"C:\Users\Admin\AppData\Local\Temp\a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792

C:\Users\Admin\AppData\Local\Temp\a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe
start
2⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\a1cb1d8ed0bdb29824ecae82b52c005599b44b34bd1ae08a5e39598681c4e704.exe
watch
2⤵
PID:2732

memory/1844-133-0x0000000000000000-mapping.dmp

Download
memory/1844-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1844-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2732-132-0x0000000000000000-mapping.dmp

Download
memory/2732-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2732-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2792-134-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download