441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff

Analysis

max time kernel
112s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:28

Target

441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe
Size

531KB
MD5

a76f8cfaf4d43839f95fa2af34cacc8e
SHA1

068f68e3f8f09f8bcc8b6f86c9b57582474c72be
SHA256

441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff
SHA512

ab6aa3c4da1d50dfc78fa0c21605136b658629e10009942c1f1cb827de56aa1b86f8686f0d4369041d495c60f58fe843ee79777fc5fa01181c176cbbd1c0435c
SSDEEP

12288:g4ukTKBNl4I9fQQI5tn5Vk/w3xus16h+YzpmyTrR:g4ukuB7fQQwnS0X16EMsy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe

description	pid	process	target process
PID 4848 wrote to memory of 1412	4848	441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe	441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe
PID 4848 wrote to memory of 1412	4848	441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe	441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe
PID 4848 wrote to memory of 1412	4848	441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe	441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe

C:\Users\Admin\AppData\Local\Temp\441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe
"C:\Users\Admin\AppData\Local\Temp\441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848

C:\Users\Admin\AppData\Local\Temp\441a549f6b7d5fe1f4748c0368652426e79b3c28dd3e2d8e439d92681f79aaff.exe
tear
2⤵
PID:1412

memory/1412-133-0x0000000000000000-mapping.dmp

Download
memory/1412-135-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/1412-136-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/4848-132-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/4848-134-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download