54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0

Analysis

max time kernel
69s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:11

Target

54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe
Size

522KB
MD5

27eeff6214ed17feae20f4f43bc8b3d3
SHA1

e5dc6b663941f41fafd5078c56b8afa930ea2268
SHA256

54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0
SHA512

1b0192d898b54f3b535624467bc08678f16bb21018ab4385a50e8d735e81c58e0000affc3c20dc3f594ba07b00dcaa2a0bbb0d2460cccce47b98f1afafe8bc92
SSDEEP

6144:Ovzau94vrNKFnW5RaMNIRVcW65yTob02w9SwmQy1CrxQqD9RSaSz+8O5knWKW:0lyvSns5IrcW4y4My18xQqpx8O5kB

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe

description	pid	process	target process
PID 3036 wrote to memory of 3748	3036	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe
PID 3036 wrote to memory of 3748	3036	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe
PID 3036 wrote to memory of 3748	3036	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe
PID 3036 wrote to memory of 2620	3036	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe
PID 3036 wrote to memory of 2620	3036	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe
PID 3036 wrote to memory of 2620	3036	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe	54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe

C:\Users\Admin\AppData\Local\Temp\54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe
"C:\Users\Admin\AppData\Local\Temp\54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3036

C:\Users\Admin\AppData\Local\Temp\54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe
start
2⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\54b995fdcfd797b99d2daa84111c37d34f4d6b182ee64d816bd780015cf6f5f0.exe
watch
2⤵
PID:2620

memory/2620-133-0x0000000000000000-mapping.dmp

Download
memory/2620-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2620-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2620-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2620-143-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3036-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3036-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3748-134-0x0000000000000000-mapping.dmp

Download
memory/3748-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3748-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3748-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3748-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download