965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587

Analysis

max time kernel
144s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:36

Target

965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe
Size

522KB
MD5

ab7c0cdcc6e3a4562a053527c043406d
SHA1

bf9cd66b7f6d026f5d6f0c48060b610313fd6965
SHA256

965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587
SHA512

181441f7ada38e7fe051d30c73f1f1b4f0fe2b3e4519e2c3d577ba04bb9104f58355867430dfcf987a6a4d9dea204b807528a0ef9831ce752c041535256f3feb
SSDEEP

12288:jFliM2jhqR+NtYmiD9huaA/ICDpwtWsjYO9Atwt:j2MOXEHzA/VCrkO9qw

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe

description	pid	process	target process
PID 3480 wrote to memory of 3988	3480	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe
PID 3480 wrote to memory of 3988	3480	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe
PID 3480 wrote to memory of 3988	3480	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe
PID 3480 wrote to memory of 1672	3480	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe
PID 3480 wrote to memory of 1672	3480	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe
PID 3480 wrote to memory of 1672	3480	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe	965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe

C:\Users\Admin\AppData\Local\Temp\965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe
"C:\Users\Admin\AppData\Local\Temp\965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3480

C:\Users\Admin\AppData\Local\Temp\965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe
start
2⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\965f7fee6d22a44cddf2d36663aa7a00a34362c29a0abe57e192a88923f53587.exe
watch
2⤵
PID:1672

memory/1672-133-0x0000000000000000-mapping.dmp

Download
memory/1672-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1672-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1672-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3480-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3480-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3988-134-0x0000000000000000-mapping.dmp

Download
memory/3988-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3988-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3988-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download