cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3

Analysis

max time kernel
153s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 15:53

Target

cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe
Size

522KB
MD5

864234fe8b3157419dd371a3881ad7d3
SHA1

6250f9acfa6a4956183cbe03790e70ac07de55c5
SHA256

cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3
SHA512

7639182e2e35197a45b998641b81dbcf05b9179a0162deae88702355b4722f86a86c66a35a4062ca3dde9815112f0c82b4fd8fde51ca260b68aa2e5f32427ba2
SSDEEP

12288:mwql6ARRy5CMuY8SW2/tuy18xQqpx8O5nk:mLlVCzB8Sfsatqpx8J

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe

description	pid	process	target process
PID 4552 wrote to memory of 224	4552	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe
PID 4552 wrote to memory of 224	4552	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe
PID 4552 wrote to memory of 224	4552	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe
PID 4552 wrote to memory of 216	4552	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe
PID 4552 wrote to memory of 216	4552	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe
PID 4552 wrote to memory of 216	4552	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe	cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe

C:\Users\Admin\AppData\Local\Temp\cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe
"C:\Users\Admin\AppData\Local\Temp\cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4552

C:\Users\Admin\AppData\Local\Temp\cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe
start
2⤵
PID:224

C:\Users\Admin\AppData\Local\Temp\cda54a6824a6fb071d99e814e947c9bc5e0d38fae2c60c85d0e5d097270b91e3.exe
watch
2⤵
PID:216

memory/216-134-0x0000000000000000-mapping.dmp

Download
memory/216-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/216-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/216-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/224-135-0x0000000000000000-mapping.dmp

Download
memory/224-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/224-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/224-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4552-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4552-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4552-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download