5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3

Analysis

max time kernel
260s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:14

Target

5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe
Size

522KB
MD5

b957a01175c8302cb41a3bc05b09aa3b
SHA1

2c5cd776f778abbfe7d42b08b029b858ca46c053
SHA256

5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3
SHA512

4b529f4c67c0b5a2be26d9494c7022665487d4a0d289c6b1485f11d7b3f4629a1937bc52ffda1fb39987b16593d3e1e9b248dd38076a6bdaa4720b9a59d637bf
SSDEEP

6144:iW74DBbVk9tturQu5rICxDp5dIdBlMZrfFc4/mHLnHRbmQy1CrxQqD9RSaSz+8Oi:X74DB7QuxsSNPKrPy18xQqpx8O5O

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe

description	pid	process	target process
PID 3120 wrote to memory of 764	3120	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe
PID 3120 wrote to memory of 764	3120	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe
PID 3120 wrote to memory of 764	3120	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe
PID 3120 wrote to memory of 2488	3120	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe
PID 3120 wrote to memory of 2488	3120	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe
PID 3120 wrote to memory of 2488	3120	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe	5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe

C:\Users\Admin\AppData\Local\Temp\5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe
"C:\Users\Admin\AppData\Local\Temp\5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Users\Admin\AppData\Local\Temp\5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe
  start
  2⤵
  PID:764
- C:\Users\Admin\AppData\Local\Temp\5a851c60b4adab517a97e2fc5e11794636de2bf5c1a2f27dd6a4fd3bed5391a3.exe
  watch
  2⤵
  PID:2488

memory/764-136-0x0000000000000000-mapping.dmp

Download
memory/764-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/764-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/764-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2488-135-0x0000000000000000-mapping.dmp

Download
memory/2488-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2488-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2488-143-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3120-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3120-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3120-134-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3120-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download