59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462

Analysis

max time kernel
170s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2022, 07:45

Target

59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe
Size

522KB
MD5

9d147795c34c0f12f65b192c8404b30a
SHA1

3f901a8e28d543787f2a60edd9cce67c7091df5e
SHA256

59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462
SHA512

77b916db96c2e9612fa59e8e1b69e35988bea2d9c16b08d4666e93acfd1cfeabb45bb84d0ae05fdcf21490711a8e59ed0a07a9924685ee8515714e57d7e40144
SSDEEP

12288:J8Uqgg9O0HLCToNmsyYFwVy18xQqpx8O57:A9O0HLVV+Vatqpx8

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 1640	3356	59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe	85
PID 3356 wrote to memory of 1640	3356	59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe	85
PID 3356 wrote to memory of 1640	3356	59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe	85
PID 3356 wrote to memory of 4060	3356	59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe	86
PID 3356 wrote to memory of 4060	3356	59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe	86
PID 3356 wrote to memory of 4060	3356	59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe	86

C:\Users\Admin\AppData\Local\Temp\59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe
"C:\Users\Admin\AppData\Local\Temp\59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Users\Admin\AppData\Local\Temp\59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe
  start
  2⤵
  PID:1640
- C:\Users\Admin\AppData\Local\Temp\59277a3e8510f87de862ae695a310dc5c9877116cef5f5f580c1942748603462.exe
  watch
  2⤵
  PID:4060

memory/1640-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1640-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1640-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3356-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3356-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4060-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4060-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4060-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download