1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402

Analysis

max time kernel
139s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:04

Target

1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402.exe
Size

82KB
MD5

44a194f8568c4f2e2de359c57442f280
SHA1

bb2304012ede2c1bab8d66e5786c7e5632e1d288
SHA256

1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402
SHA512

ab083b7cd90a6b51b46418ba6de4285e57b7413b48b63a17a5154293cc563dcbe9fe9ff02634835316fa982c51edf42dddd6ddef2ab037089a350dc638e49726
SSDEEP

1536:CBsKwh6ruAy+sGOnJMHvdZ/KNkEZFnt/nujkqkSZZZ3gdtibiOA1:CBXwhR+jOJg7KbnujSUlbi

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

dw20.exe

pid process

1208 dw20.exe

pid	process
1208	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402.exe

description	pid	process	target process
PID 2032 wrote to memory of 1208	2032	1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402.exe	dw20.exe
PID 2032 wrote to memory of 1208	2032	1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402.exe	dw20.exe
PID 2032 wrote to memory of 1208	2032	1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402.exe	dw20.exe
PID 2032 wrote to memory of 1208	2032	1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402.exe
"C:\Users\Admin\AppData\Local\Temp\1bfab11d08cd59342e8815fc90cc8672305885241379698637b85065da0c4402.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 400
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1208

memory/1208-55-0x0000000000000000-mapping.dmp

Download
memory/2032-54-0x0000000075C21000-0x0000000075C23000-memory.dmp

Filesize
8KB

Download
memory/2032-56-0x00000000745F0000-0x0000000074B9B000-memory.dmp

Filesize
5.7MB

Download
memory/2032-58-0x00000000745F0000-0x0000000074B9B000-memory.dmp

Filesize
5.7MB

Download