cff8e89d59088a8a15278c6863ba3af2aee526dbec64a4bef5c798c5ceea123f

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:07

Target

cff8e89d59088a8a15278c6863ba3af2aee526dbec64a4bef5c798c5ceea123f.exe
Size

178KB
MD5

437166552954cd805cbad7304ee6af30
SHA1

afa744133d5e978e6565a30291183601fc5ab588
SHA256

cff8e89d59088a8a15278c6863ba3af2aee526dbec64a4bef5c798c5ceea123f
SHA512

a2fe27393f43d7e72c9495e5832ac2dbf639729a36d5afaaa11d83b3e9bce61685fc95f14a27fafc814985394e9de1c4e8bba9e55b2e19d60be34d16020e96c9
SSDEEP

1536:BpJIBdd8DKbce+gHbcqlWKo9UU3Lyp02Aw+8bXzYa/FVprBHT+JqtdZR97hlBQzx:9I8KFbcql49UULD9uXca/7TPplhYl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cff8e89d59088a8a15278c6863ba3af2aee526dbec64a4bef5c798c5ceea123f.exe

description	pid	process	target process
PID 1600 wrote to memory of 976	1600	cff8e89d59088a8a15278c6863ba3af2aee526dbec64a4bef5c798c5ceea123f.exe	dw20.exe
PID 1600 wrote to memory of 976	1600	cff8e89d59088a8a15278c6863ba3af2aee526dbec64a4bef5c798c5ceea123f.exe	dw20.exe
PID 1600 wrote to memory of 976	1600	cff8e89d59088a8a15278c6863ba3af2aee526dbec64a4bef5c798c5ceea123f.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\cff8e89d59088a8a15278c6863ba3af2aee526dbec64a4bef5c798c5ceea123f.exe
"C:\Users\Admin\AppData\Local\Temp\cff8e89d59088a8a15278c6863ba3af2aee526dbec64a4bef5c798c5ceea123f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 368
  2⤵
  PID:976

memory/976-54-0x0000000000000000-mapping.dmp

Download
memory/976-55-0x000007FEFBB51000-0x000007FEFBB53000-memory.dmp

Filesize
8KB

Download