6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf

Analysis

max time kernel
144s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 07:44

Target

6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe
Size

522KB
MD5

d0b5bf26dc3f93c3ffe204155044777f
SHA1

a349ceac1a8b4c973993f57a42efad482636363b
SHA256

6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf
SHA512

2c7670153471906f9acc222e2b1f8872664bed9864ac116fc6883b3173c97874963c712eb0b656cf1a6cee3a813f58b2cf80b2486fbab2d7639aa048b21b4d48
SSDEEP

6144:/Ai/hc+bt55jtevqVEJB+UvK/Tb7O6qKZ8mPXa83mQy1CrxQqD9RSaSz+8O5EybW:zlPtmIg+UvES62FCy18xQqpx8O5Ec

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe

description	pid	process	target process
PID 1660 wrote to memory of 4312	1660	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe
PID 1660 wrote to memory of 4312	1660	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe
PID 1660 wrote to memory of 4312	1660	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe
PID 1660 wrote to memory of 4620	1660	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe
PID 1660 wrote to memory of 4620	1660	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe
PID 1660 wrote to memory of 4620	1660	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe	6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe

C:\Users\Admin\AppData\Local\Temp\6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe
"C:\Users\Admin\AppData\Local\Temp\6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660

C:\Users\Admin\AppData\Local\Temp\6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe
start
2⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\6661abb08da89688e66bdeed4ec88031d1e376c3f40475d1d60389451d92eecf.exe
watch
2⤵
PID:4620

memory/1660-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1660-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1660-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4312-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4312-135-0x0000000000000000-mapping.dmp

Download
memory/4312-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4312-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4312-143-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4620-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4620-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4620-134-0x0000000000000000-mapping.dmp

Download
memory/4620-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4620-144-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download