9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0

Analysis

max time kernel
147s
max time network
232s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 13:34

Target

9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe
Size

524KB
MD5

4661d79ddeb6f382712c9b1ea905cb60
SHA1

3062fc4f03af523519ef584201e6a26cd8647198
SHA256

9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0
SHA512

21e7bc8fc75d995a16f82610f3236475c06921a6580360a422022cc6037b4f53b6b0572bc229e5aa6865a1f075f80e1260eb25700c7e14a8394dcdb425a10013
SSDEEP

12288:rPwvhkzPpYJ6q9Xf6e3K7oc5M1lagjnRyPSAMuP:rPwvhqpYJ6q9iUK0FagjRyPSAMk

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe

description	pid	process	target process
PID 560 wrote to memory of 1344	560	9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe	9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe
PID 560 wrote to memory of 1344	560	9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe	9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe
PID 560 wrote to memory of 1344	560	9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe	9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe
PID 560 wrote to memory of 1344	560	9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe	9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe

C:\Users\Admin\AppData\Local\Temp\9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe
"C:\Users\Admin\AppData\Local\Temp\9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:560

C:\Users\Admin\AppData\Local\Temp\9b9d77b64aa5b38bd6038c189f77a36361f0b24bfa3bb7a79b66541b076a11d0.exe
tear
2⤵
PID:1344

memory/560-54-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/560-55-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/560-57-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1344-56-0x0000000000000000-mapping.dmp

Download
memory/1344-59-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1344-60-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/1344-61-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download