546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:11

Target

546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
Size

607KB
MD5

7aa59757126a617df738a04ced953323
SHA1

542040f6be7a276f5589765bf5e0744d5153254b
SHA256

546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43
SHA512

604bf90f86d244228c09d6bb3012f1bc452243ebf4ca7a1e7c97a56f98af4672f90dbbc32aa4b3bc7f4bd40d0aa4a2c20e133578920c7d34a9b9fe51eeeb0a20
SSDEEP

6144:ACanQuBn7mnPhIXdPUCA6nr2VKtvF9oNkCDl584ia7wgGizbmAh/nT+2CoOkrcuq:ALEwSQL9Inia7wgBmAh/nBOkAu4r

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe

description	pid	process	target process
PID 1980 wrote to memory of 1756	1980	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 1980 wrote to memory of 1756	1980	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 1980 wrote to memory of 1756	1980	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 1980 wrote to memory of 1756	1980	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 1980 wrote to memory of 976	1980	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 1980 wrote to memory of 976	1980	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 1980 wrote to memory of 976	1980	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 1980 wrote to memory of 976	1980	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe

C:\Users\Admin\AppData\Local\Temp\546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
"C:\Users\Admin\AppData\Local\Temp\546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980

C:\Users\Admin\AppData\Local\Temp\546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
start
2⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
watch
2⤵
PID:976

memory/976-57-0x0000000000000000-mapping.dmp

Download
memory/976-60-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/976-64-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/1756-55-0x0000000000000000-mapping.dmp

Download
memory/1756-61-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/1756-62-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/1756-63-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/1980-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download
memory/1980-59-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download