92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288

Analysis

max time kernel
152s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 07:41

Target

92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe
Size

522KB
MD5

312fbc3b94600ca9f24a64a533542721
SHA1

92450e0f94288a816b0fefbcf6cb74e6c590a047
SHA256

92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288
SHA512

68f88cf11ab414ad565a45bd03aebd8bde93f2ef6a0d7c2bb25484692e16cff24962d73227bcf2463ceee6faf4d1d4d7052c4f878598eddf6845721e5bd3e1b7
SSDEEP

6144:BA1IqlgbVUkXdwDkaghPpM2oE6bm0xA9mQy1CrxQqD9RSaSz+8O5RH1Oqe:eNXk3agoE6C0a/y18xQqpx8O5R

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe

description	pid	process	target process
PID 4356 wrote to memory of 4580	4356	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe
PID 4356 wrote to memory of 4580	4356	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe
PID 4356 wrote to memory of 4580	4356	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe
PID 4356 wrote to memory of 3848	4356	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe
PID 4356 wrote to memory of 3848	4356	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe
PID 4356 wrote to memory of 3848	4356	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe	92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe

C:\Users\Admin\AppData\Local\Temp\92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe
"C:\Users\Admin\AppData\Local\Temp\92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4356

C:\Users\Admin\AppData\Local\Temp\92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe
start
2⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\92c3c4bf014c20e3c53f0a1a2159e5fb4766d071959462ac695cc815f849d288.exe
watch
2⤵
PID:3848

memory/3848-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3848-134-0x0000000000000000-mapping.dmp

Download
memory/3848-144-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3848-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3848-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4356-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4356-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4356-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4580-135-0x0000000000000000-mapping.dmp

Download
memory/4580-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4580-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4580-143-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4580-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download