9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee

Analysis

max time kernel
187s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:35

Target

9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe
Size

522KB
MD5

65b16c40f1e9985b8bf05a375898dc94
SHA1

cb28d6aa58aa3c5a3d1db70c2fc1568215a4cfb7
SHA256

9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee
SHA512

5f0f33a4300fd883f0fd390e94ee94d05759e1ac9890f9fd8b8186703b6db4cb06c331a241d2ecafeb839b8357050c6a6e939bb5781c345eeb5e710244a64485
SSDEEP

12288:bkW9Xbg1lxG8yrfCzxo4xUupSMrFCsNEfF4Sx:bkW9XbVzraG4quouFCsNaHx

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe

description	pid	process	target process
PID 4204 wrote to memory of 220	4204	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe
PID 4204 wrote to memory of 220	4204	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe
PID 4204 wrote to memory of 220	4204	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe
PID 4204 wrote to memory of 116	4204	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe
PID 4204 wrote to memory of 116	4204	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe
PID 4204 wrote to memory of 116	4204	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe	9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe

C:\Users\Admin\AppData\Local\Temp\9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe
"C:\Users\Admin\AppData\Local\Temp\9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4204

C:\Users\Admin\AppData\Local\Temp\9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe
start
2⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\9a00bbe9fb993ffe1701a9f4c7182984b9e771a7df8fe4db0036ee5bd0ec22ee.exe
watch
2⤵
PID:116

memory/116-132-0x0000000000000000-mapping.dmp

Download
memory/116-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/116-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/220-133-0x0000000000000000-mapping.dmp

Download
memory/220-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/220-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4204-134-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download