ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977

Analysis

max time kernel
141s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 15:53

Target

ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe
Size

637KB
MD5

24c87d15d3655c8efdf3b0bcc8ad8c43
SHA1

dc3d8efe0eba85c8f2a7dd7259fca6d1420f1ebd
SHA256

ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977
SHA512

3b7b0fa8a390f0d35f96729dc7cc7c248624a78c83ac40bf7b651b65205d03438c15856cee58c3e49051f7c28b2ed803dcd0919208aecf00d242693955fe157b
SSDEEP

12288:qVd802EFXB2l4qIVm/hmx6dX1Yit4bCDPwrIuZAoXQna/KXpSH8qP2G3AHSXkG:s831IVm/hbX1Yit4b3dZAoXQnxwH8qe8

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

dw20.exe

pid process

764 dw20.exe

pid	process
764	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe

description	pid	process	target process
PID 1416 wrote to memory of 764	1416	ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe	dw20.exe
PID 1416 wrote to memory of 764	1416	ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe	dw20.exe
PID 1416 wrote to memory of 764	1416	ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe	dw20.exe
PID 1416 wrote to memory of 764	1416	ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe
"C:\Users\Admin\AppData\Local\Temp\ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1416

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 436
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:764

memory/764-56-0x0000000000000000-mapping.dmp

Download
memory/1416-54-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download
memory/1416-55-0x0000000074960000-0x0000000074F0B000-memory.dmp

Filesize
5.7MB

Download
memory/1416-58-0x0000000074960000-0x0000000074F0B000-memory.dmp

Filesize
5.7MB

Download