30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc

Analysis

max time kernel
178s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 07:49

Target

30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe
Size

526KB
MD5

ea917cbcf88a3e19eee7cc7bc8ccf11e
SHA1

daf3712a56bddbdc41b6aeb48d6454e693992a25
SHA256

30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc
SHA512

2d1d7217dd32479b6d29c3496a98d62c50fbf5a6ee99646c7ffaccb32ad320ec0e0bcbc69984143ebc1e010762c85e4b4cd1b4c1168ef38a8c9ce04c875f11b1
SSDEEP

12288:FsXTd4Ir/wk9WeDKKDKS+2My18xQqpx8O5Cj:eyIbwKW2LDKoMatqpx8d

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe

description	pid	process	target process
PID 1444 wrote to memory of 3192	1444	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe
PID 1444 wrote to memory of 3192	1444	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe
PID 1444 wrote to memory of 3192	1444	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe
PID 1444 wrote to memory of 4284	1444	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe
PID 1444 wrote to memory of 4284	1444	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe
PID 1444 wrote to memory of 4284	1444	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe	30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe

C:\Users\Admin\AppData\Local\Temp\30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe
"C:\Users\Admin\AppData\Local\Temp\30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1444

C:\Users\Admin\AppData\Local\Temp\30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe
start
2⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\30728143ed62c7122ef5154030cb67ae64f027aff50f4f8e561f46cb6e001ffc.exe
watch
2⤵
PID:4284

memory/1444-135-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1444-132-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3192-140-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3192-143-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3192-133-0x0000000000000000-mapping.dmp

Download
memory/3192-136-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3192-142-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/3192-139-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4284-138-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4284-141-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4284-137-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/4284-134-0x0000000000000000-mapping.dmp

Download
memory/4284-144-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download