4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb

Analysis

max time kernel
66s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:23

Target

4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe
Size

518KB
MD5

d9a056c0aea12a8be4cf136f727f384e
SHA1

4ec14c1f129969b5e2cc4c26a4b2fa165444b802
SHA256

4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb
SHA512

58422f01949f11e1a7322c584af7661c76c577a204d6306def91790bf1d310750f4ef01c76c2d692e53fc5d9edc8a059cc165d9500b9598f04d44aa4364b3322
SSDEEP

12288:F9vN1zV05r8Afj8p4NXwPUjASES/ya+WJPwTOEd/w:FT1R0bfj8ygPuAsz+OPwTvd/

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe

description	pid	process	target process
PID 1824 wrote to memory of 3112	1824	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe
PID 1824 wrote to memory of 3112	1824	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe
PID 1824 wrote to memory of 3112	1824	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe
PID 1824 wrote to memory of 4812	1824	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe
PID 1824 wrote to memory of 4812	1824	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe
PID 1824 wrote to memory of 4812	1824	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe	4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe

C:\Users\Admin\AppData\Local\Temp\4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe
"C:\Users\Admin\AppData\Local\Temp\4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Users\Admin\AppData\Local\Temp\4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe
  start
  2⤵
  PID:3112
- C:\Users\Admin\AppData\Local\Temp\4b1e386395d0b6bb353df8d45f5d210abbe81a4787d2b0ec0fd139a3c9f633eb.exe
  watch
  2⤵
  PID:4812

memory/1824-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1824-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3112-134-0x0000000000000000-mapping.dmp

Download
memory/3112-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3112-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4812-133-0x0000000000000000-mapping.dmp

Download
memory/4812-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4812-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download