ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138

Analysis

max time kernel
184s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 07:39

Target

ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe
Size

526KB
MD5

680b9275b7e20a015f41c739d0a2db4d
SHA1

cc07523692d25a1c5500179f637fc3dec576d602
SHA256

ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138
SHA512

43ac780451519271536bad9734f893f356af3c5fb5dce1647e6e36a1311dfedd0e2d07d1ab5d20567f866c99d4283a86dc676ac171352fca9c4c1a3bf0b454da
SSDEEP

12288:93c7xpbMIu7QVnBz7woOLbiydy18xQqpx8O5PI:938rB3XwocLdatqpx83

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe

description	pid	process	target process
PID 4328 wrote to memory of 5068	4328	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe
PID 4328 wrote to memory of 5068	4328	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe
PID 4328 wrote to memory of 5068	4328	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe
PID 4328 wrote to memory of 5048	4328	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe
PID 4328 wrote to memory of 5048	4328	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe
PID 4328 wrote to memory of 5048	4328	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe	ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe

C:\Users\Admin\AppData\Local\Temp\ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe
"C:\Users\Admin\AppData\Local\Temp\ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4328

C:\Users\Admin\AppData\Local\Temp\ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe
start
2⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\ab1fcf4fe1a8202105c53087f31321c4f8bb8a31cd1cd3e9e9c2fbd25b287138.exe
watch
2⤵
PID:5048

memory/4328-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4328-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5048-134-0x0000000000000000-mapping.dmp

Download
memory/5048-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5048-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5048-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5068-133-0x0000000000000000-mapping.dmp

Download
memory/5068-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5068-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/5068-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download