6b8214c4daf9081589a343d87d80c71a3bc6efeeab2cf1b913991d840d82adb1

Analysis

max time kernel
172s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 20:51

Target

6b8214c4daf9081589a343d87d80c71a3bc6efeeab2cf1b913991d840d82adb1.exe
Size

68KB
MD5

454126f524aefb7cfe89ec5223999b93
SHA1

db0e67f8d2df3ca18b46840a1e1eac2a371f183a
SHA256

6b8214c4daf9081589a343d87d80c71a3bc6efeeab2cf1b913991d840d82adb1
SHA512

507bf7b008364bda4c62958a0e2d1167b48882ec8196e041b70b5af071d4999f3d57f53cb2d7b1d433258903db4e1493c0d85871bda124b422a69d10fab9e85a
SSDEEP

768:E4hZ1p/ija+1IGpFrSoye5TPhTCaz5d/f:E4hZWRxbFIkdX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 224	2556	6b8214c4daf9081589a343d87d80c71a3bc6efeeab2cf1b913991d840d82adb1.exe	85
PID 2556 wrote to memory of 224	2556	6b8214c4daf9081589a343d87d80c71a3bc6efeeab2cf1b913991d840d82adb1.exe	85
PID 2556 wrote to memory of 224	2556	6b8214c4daf9081589a343d87d80c71a3bc6efeeab2cf1b913991d840d82adb1.exe	85

C:\Users\Admin\AppData\Local\Temp\6b8214c4daf9081589a343d87d80c71a3bc6efeeab2cf1b913991d840d82adb1.exe
"C:\Users\Admin\AppData\Local\Temp\6b8214c4daf9081589a343d87d80c71a3bc6efeeab2cf1b913991d840d82adb1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\6b8214c4daf9081589a343d87d80c71a3bc6efeeab2cf1b913991d840d82adb1.exe"
  2⤵
  PID:224

C:\Windows\system32\WerFault.exe
"C:\Windows\system32\WerFault.exe" -k -l WATCHDOG WATCHDOG-20221124-0050.dmp
1⤵
PID:5060

memory/2556-132-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2556-134-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download