94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e

Analysis

max time kernel
146s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:37

Target

94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe
Size

518KB
MD5

58662ee4aaa4ffed137935b501a163dd
SHA1

7470aca9ca3024b4072b7bcf7689a520666d6d48
SHA256

94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e
SHA512

fe7735475394ef44a64fc3c68aef2606bcb031b70dff7b230381151643fd4b1e63afcc1b862cd9e3cb06b2a8d58a12b2655c97e8d1255590afbeacd1df2d9954
SSDEEP

12288:7t3M1IbZVJDRTqwwPUjASES/ya+WJPwTOEf/h7:pZDpqnPuAsz+OPwTvf/

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe

description	pid	process	target process
PID 4660 wrote to memory of 4144	4660	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe
PID 4660 wrote to memory of 4144	4660	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe
PID 4660 wrote to memory of 4144	4660	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe
PID 4660 wrote to memory of 2956	4660	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe
PID 4660 wrote to memory of 2956	4660	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe
PID 4660 wrote to memory of 2956	4660	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe	94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe

C:\Users\Admin\AppData\Local\Temp\94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe
"C:\Users\Admin\AppData\Local\Temp\94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4660

C:\Users\Admin\AppData\Local\Temp\94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe
watch
2⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\94851a1a0b005ca6ceb7281600af5edc7af186c7725bbdc5976ea19ef3b3c46e.exe
start
2⤵
PID:4144

memory/2956-132-0x0000000000000000-mapping.dmp

Download
memory/2956-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2956-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4144-133-0x0000000000000000-mapping.dmp

Download
memory/4144-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4144-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4660-134-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download