b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541

Analysis

max time kernel
203s
max time network
222s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 23:31

Target

b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe
Size

506KB
MD5

3863bf6b624a2fe2ab77bf6eac1c7f95
SHA1

81c194870d324a0a98b20a559b7a24bcc8152ecf
SHA256

b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541
SHA512

da58ccd83b297539e6e20a2cb44db3c14412349aa948ceb8d2d2c710e22f8a4c8c4bc0020f2bd633283b81f3807ea0384041b6d0724fa4bebea220b4d91ab121
SSDEEP

6144:oi0NTS+nCyiYmlJrXzfxahwi6JcgmAZRNpsYpiZP8lxwGQe/QxhR/WTEouybKotH:3eRCyi3cwJAgYY4ZPSxwgiHGbz

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 320	4692	b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe	85
PID 4692 wrote to memory of 320	4692	b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe	85
PID 4692 wrote to memory of 320	4692	b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe	85
PID 4692 wrote to memory of 1172	4692	b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe	86
PID 4692 wrote to memory of 1172	4692	b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe	86
PID 4692 wrote to memory of 1172	4692	b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe	86

C:\Users\Admin\AppData\Local\Temp\b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe
"C:\Users\Admin\AppData\Local\Temp\b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Users\Admin\AppData\Local\Temp\b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe
  start
  2⤵
  PID:320
- C:\Users\Admin\AppData\Local\Temp\b740efe4355346b760af23d5d1f22746b25a7519e45e957d6b24fc43c8c85541.exe
  watch
  2⤵
  PID:1172

memory/320-137-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/320-139-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/320-141-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1172-138-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1172-140-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1172-142-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4692-136-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download