6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902

Analysis

max time kernel
9s
max time network
47s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 16:54

Target

6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
Size

537KB
MD5

af15898921a7271b41424cf4e937e0f7
SHA1

c20af7be6a7864b91f0b43f1e9b4e6f56bf71cad
SHA256

6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902
SHA512

5c3edbd3017d1664eb60963f8e8001c46ab754915b309bc17465592ce07207242a87b6ac728fb5ab3ed9b0bcaf4bf5d22866d72591da9dc807e871a3665c8114
SSDEEP

12288:DN1sSFnesDiPorLNvpyCqi8ka8nmCEJdTye63Qme23:gSFnrGo3hpXqi8kJcDmek

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe

description	pid	process	target process
PID 472 wrote to memory of 1216	472	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
PID 472 wrote to memory of 1216	472	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
PID 472 wrote to memory of 1216	472	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
PID 472 wrote to memory of 1216	472	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
PID 472 wrote to memory of 1220	472	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
PID 472 wrote to memory of 1220	472	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
PID 472 wrote to memory of 1220	472	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
PID 472 wrote to memory of 1220	472	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe	6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe

C:\Users\Admin\AppData\Local\Temp\6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
"C:\Users\Admin\AppData\Local\Temp\6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:472
- C:\Users\Admin\AppData\Local\Temp\6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
  start
  2⤵
  PID:1216
- C:\Users\Admin\AppData\Local\Temp\6e67cb4f2a4c8f4f2fe7e602ec28ab707b38a1464e07312f12bfb107f7750902.exe
  watch
  2⤵
  PID:1220

memory/472-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/472-58-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1216-55-0x0000000000000000-mapping.dmp

Download
memory/1216-61-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1216-62-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1220-56-0x0000000000000000-mapping.dmp

Download
memory/1220-60-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1220-63-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download