ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029

Analysis

max time kernel
305s
max time network
383s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 15:54

Target

ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe
Size

522KB
MD5

d24f74d858bd12a1fad6ed15708d441d
SHA1

6cd46276e90f6d6cdbd2af5503829213e6210a43
SHA256

ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029
SHA512

e8df1ff3383ff7a871f133150f09babaf4ac0c985510df44452a9784a6a38d243fb23962739b93933fd8e4460f89b127e48d3e65adc851501db0a60e775fce92
SSDEEP

12288:0xD5IAx0j2J/8dQNM+Ny18xQqpx8O5xd:0481BNatqpx8I

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe

description	pid	process	target process
PID 388 wrote to memory of 3840	388	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe
PID 388 wrote to memory of 3840	388	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe
PID 388 wrote to memory of 3840	388	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe
PID 388 wrote to memory of 3740	388	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe
PID 388 wrote to memory of 3740	388	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe
PID 388 wrote to memory of 3740	388	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe	ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe

C:\Users\Admin\AppData\Local\Temp\ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe
"C:\Users\Admin\AppData\Local\Temp\ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:388

C:\Users\Admin\AppData\Local\Temp\ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe
start
2⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\ccbfb94112bcc4a66a00320565045b2530491e9fb65117bc2e08a7842aaa2029.exe
watch
2⤵
PID:3740

memory/388-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/388-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3740-133-0x0000000000000000-mapping.dmp

Download
memory/3740-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3740-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3840-134-0x0000000000000000-mapping.dmp

Download
memory/3840-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3840-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download