920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:39

Target

920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe
Size

522KB
MD5

053085bf3e590b7cff35c9663493a51e
SHA1

5aaaf22e557bb9a286c53684c783bce9f8527d3e
SHA256

920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7
SHA512

a8e90eda0786a7676f976328938dc079c912ac7163a41e5a0a25b261bb99599c02ddf7b4ba8aedc1163bded9f85cb33f659c152379db81dcf9661ad94da50ca8
SSDEEP

12288:2XdHkpdPhlCpWE9YQxDpwtWsjYO9Atw0:CdHAZhAwAxCrkO9qw

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe

description	pid	process	target process
PID 2220 wrote to memory of 2204	2220	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe
PID 2220 wrote to memory of 2204	2220	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe
PID 2220 wrote to memory of 2204	2220	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe
PID 2220 wrote to memory of 4720	2220	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe
PID 2220 wrote to memory of 4720	2220	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe
PID 2220 wrote to memory of 4720	2220	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe	920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe

C:\Users\Admin\AppData\Local\Temp\920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe
"C:\Users\Admin\AppData\Local\Temp\920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220

C:\Users\Admin\AppData\Local\Temp\920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe
start
2⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\920d3b89f21a6b2c3e4c9e75dc8d6451f7741dc340a5b015dffeb8389b1105a7.exe
watch
2⤵
PID:4720

memory/2204-134-0x0000000000000000-mapping.dmp

Download
memory/2204-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2204-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2204-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2220-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2220-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4720-133-0x0000000000000000-mapping.dmp

Download
memory/4720-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4720-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4720-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download