820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573

Analysis

max time kernel
172s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 16:42

Target

820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe
Size

529KB
MD5

6f0a3e9b705fb73e74719ee4d19f7c07
SHA1

427bea0822a3797dbc140de0fa7953cb6ab38768
SHA256

820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573
SHA512

244a71ff34ff0c968a9a6ce2d91f5910b942acf33a6bb86eb7373c37c141a78aa302dd30fc99ba700addb60bfa712742f2dffaf1683a21b7db14842736eeb9c6
SSDEEP

12288:veWmaGk0ebpiylYTwDPTe2EdMwTVjRJ49dFgaKfH7bvwUO:veWBbUyWEDPTe2iV1S9dcfHfvwB

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe

description	pid	process	target process
PID 2996 wrote to memory of 4912	2996	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe
PID 2996 wrote to memory of 4912	2996	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe
PID 2996 wrote to memory of 4912	2996	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe
PID 2996 wrote to memory of 4920	2996	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe
PID 2996 wrote to memory of 4920	2996	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe
PID 2996 wrote to memory of 4920	2996	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe	820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe

C:\Users\Admin\AppData\Local\Temp\820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe
"C:\Users\Admin\AppData\Local\Temp\820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Users\Admin\AppData\Local\Temp\820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe
  start
  2⤵
  PID:4912
- C:\Users\Admin\AppData\Local\Temp\820b50c9303f6e26abd593dd2377d2df8d3f28163354e8584238247c959f4573.exe
  watch
  2⤵
  PID:4920

memory/2996-134-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/4912-133-0x0000000000000000-mapping.dmp

Download
memory/4912-135-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/4912-137-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/4920-132-0x0000000000000000-mapping.dmp

Download
memory/4920-136-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/4920-138-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/4920-139-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download