31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0

Analysis

max time kernel
176s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 07:49

Target

31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe
Size

518KB
MD5

9997ce5ec1d2407d4dfaec98a9361cc9
SHA1

12dcf936c097c9af9b0f96e08dfd92843f4f4687
SHA256

31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0
SHA512

fdcb1e4474e8e24c907c7924790715777037b81553ff2d543be0f36a8f8b1ac551eeef4811ef6375aa5772942b389dc1b176cb385619d6f1838998f2b30d2fd4
SSDEEP

12288:Ru83aijz2wepjUkzJZwYYlLPt5oKnWq3hVb:k+jejUkzJWlLPt5/WC

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe

description	pid	process	target process
PID 4848 wrote to memory of 3444	4848	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe
PID 4848 wrote to memory of 3444	4848	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe
PID 4848 wrote to memory of 3444	4848	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe
PID 4848 wrote to memory of 2224	4848	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe
PID 4848 wrote to memory of 2224	4848	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe
PID 4848 wrote to memory of 2224	4848	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe	31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe

C:\Users\Admin\AppData\Local\Temp\31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe
"C:\Users\Admin\AppData\Local\Temp\31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848

C:\Users\Admin\AppData\Local\Temp\31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe
start
2⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\31689aab895764fcc8d34390f6ada8180e6b1af1bf097c0be8153c8b2d1d6ec0.exe
watch
2⤵
PID:2224

memory/2224-133-0x0000000000000000-mapping.dmp

Download
memory/2224-137-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2224-139-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3444-134-0x0000000000000000-mapping.dmp

Download
memory/3444-136-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3444-138-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4848-132-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4848-135-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download