546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43

Analysis

max time kernel
140s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:11

Target

546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
Size

607KB
MD5

7aa59757126a617df738a04ced953323
SHA1

542040f6be7a276f5589765bf5e0744d5153254b
SHA256

546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43
SHA512

604bf90f86d244228c09d6bb3012f1bc452243ebf4ca7a1e7c97a56f98af4672f90dbbc32aa4b3bc7f4bd40d0aa4a2c20e133578920c7d34a9b9fe51eeeb0a20
SSDEEP

6144:ACanQuBn7mnPhIXdPUCA6nr2VKtvF9oNkCDl584ia7wgGizbmAh/nT+2CoOkrcuq:ALEwSQL9Inia7wgBmAh/nBOkAu4r

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe

description	pid	process	target process
PID 2540 wrote to memory of 4912	2540	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 2540 wrote to memory of 4912	2540	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 2540 wrote to memory of 4912	2540	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 2540 wrote to memory of 3156	2540	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 2540 wrote to memory of 3156	2540	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
PID 2540 wrote to memory of 3156	2540	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe	546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe

C:\Users\Admin\AppData\Local\Temp\546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
"C:\Users\Admin\AppData\Local\Temp\546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
start
2⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\546cbf25a1e00c875b544034c3d66175815d454b8fb3d974cd63b1bf1bca0e43.exe
watch
2⤵
PID:3156

memory/2540-134-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/3156-133-0x0000000000000000-mapping.dmp

Download
memory/3156-136-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/3156-138-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/3156-139-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/4912-132-0x0000000000000000-mapping.dmp

Download
memory/4912-135-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/4912-137-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download