3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 23:00

Target

3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe
Size

503KB
MD5

eb2911e06f2979b671dcde3e1bea348a
SHA1

921384d2e7652cb93152b53fe99e843400e7fc09
SHA256

3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359
SHA512

2cc01ef5faca2237ec8ebea35aa0492814bd3074c807e6794c724678c4d86fdb9845b695b5cf073ef9e3fc06170d19dd2dc2dbf7a14a4af139ef727371800fe7
SSDEEP

12288:1idR48y6Cgd9TYr9wMxjfYHO8YW3Svnmx2:1idW8yts9T8wwjEYmx2

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 2536	892	3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe	77
PID 892 wrote to memory of 2536	892	3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe	77
PID 892 wrote to memory of 2536	892	3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe	77
PID 892 wrote to memory of 1152	892	3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe	78
PID 892 wrote to memory of 1152	892	3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe	78
PID 892 wrote to memory of 1152	892	3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe	78

C:\Users\Admin\AppData\Local\Temp\3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe
"C:\Users\Admin\AppData\Local\Temp\3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:892
- C:\Users\Admin\AppData\Local\Temp\3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe
  start
  2⤵
  PID:2536
- C:\Users\Admin\AppData\Local\Temp\3fb6f8044a5f2e3ab2493da2faf528f60dcef62c339bef0c6668575f9a53a359.exe
  watch
  2⤵
  PID:1152

memory/892-134-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1152-136-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1152-138-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1152-140-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1152-142-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1152-143-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2536-135-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2536-137-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2536-139-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2536-141-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download