92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c

Analysis

max time kernel
185s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:39

Target

92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe
Size

522KB
MD5

7dd69d56411d8852ac2ac60de4e78404
SHA1

307f6f29753d7e1ce842a1bd21275d6f0e4f8e67
SHA256

92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c
SHA512

c481910309fedd3285d3b9f1c592b928e1a70d77852410d5bb59cb8f61ebf1310390f9721656126971a0ddcecfeb46ba844403ddf18d2550966da54b57d58fb2
SSDEEP

6144:DL1niHQFGsvxbtbvpMwyNq2XklaaHNxQ0K0SD2wQ7CaqpUxdrZPkTY/210YO9ALJ:3QqziXmBQ3Q7CDpwtWsjYO9AtwR6y

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe

description	pid	process	target process
PID 4108 wrote to memory of 2424	4108	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe
PID 4108 wrote to memory of 2424	4108	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe
PID 4108 wrote to memory of 2424	4108	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe
PID 4108 wrote to memory of 2336	4108	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe
PID 4108 wrote to memory of 2336	4108	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe
PID 4108 wrote to memory of 2336	4108	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe	92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe

C:\Users\Admin\AppData\Local\Temp\92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe
"C:\Users\Admin\AppData\Local\Temp\92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4108

C:\Users\Admin\AppData\Local\Temp\92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe
start
2⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\92dd94860f3780a7c3bb4c9eb1a95bd5114048370211f8d07e49a007b58e4a0c.exe
watch
2⤵
PID:2336

memory/2336-133-0x0000000000000000-mapping.dmp

Download
memory/2336-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2336-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2336-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2424-134-0x0000000000000000-mapping.dmp

Download
memory/2424-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2424-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2424-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4108-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4108-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download